Re: FWD: CVE-request: systemd-resolved DNS cache poisoning
On 12-11-2014 18:22, Martinx - ジェームズ wrote:
This worth to be read:
IMHO, the answer is more interesting .
"BIND 9 is supposed to filter such garbage from upstream answers, but
there are other resolvers out there which will pass through such answers
unchanged, so this is very much CVE-worthy.
(This systemd component is optional, I strongly recommend not to ship
it. It's not even possible right now to dump the cache contents to debug
Florian Weimer / Red Hat Product Security"
Dimitrios Chr. Ioannidis