Re: FWD: CVE-request: systemd-resolved DNS cache poisoning

To: debian-user@lists.debian.org
Subject: Re: FWD: CVE-request: systemd-resolved DNS cache poisoning
From: "Dimitrios Chr. Ioannidis" <d.ioannidis@nephelae.eu>
Date: Wed, 12 Nov 2014 19:07:08 +0200
Message-id: <[🔎] 1a8a7136df43f3303b0daf1ae067fec9@nephelae.eu>
Reply-to: d.ioannidis@nephelae.eu
In-reply-to: <[🔎] CAJSM8J3f-AzXoe_f2uxSHfz+-EhPbMTeN8SC+8gAHjZYW-PzSg@mail.gmail.com>
References: <[🔎] CAJSM8J3f-AzXoe_f2uxSHfz+-EhPbMTeN8SC+8gAHjZYW-PzSg@mail.gmail.com>

On 12-11-2014 18:22, Martinx - ジェームズ wrote:

Guys,

This worth to be read:

http://seclists.org/oss-sec/2014/q4/592

Best,
Thiago



IMHO, the answer is more interesting .

QUOTE :

"BIND 9 is supposed to filter such garbage from upstream answers, butthere are other resolvers out there which will pass through such answersunchanged, so this is very much CVE-worthy.

(This systemd component is optional, I strongly recommend not to shipit. It's not even possible right now to dump the cache contents to debugsuch issues.)



--
Florian Weimer / Red Hat Product Security"


Regards,
--
Dimitrios Chr. Ioannidis

Reply to:

References:
- FWD: CVE-request: systemd-resolved DNS cache poisoning
  - From: Martinx - ジェームズ <thiagocmartinsc@gmail.com>

Prev by Date: Installing from Backports (Was: INTEL HD Graphics)
Next by Date: Re: systemd - so much energy wasted in quarreling
Previous by thread: Re: FWD: CVE-request: systemd-resolved DNS cache poisoning
Next by thread: how to install amd64 instead i386
Index(es):
- Date
- Thread