oss-security - Re: a new bind issue

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <971275315.695731259086917677.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Tue, 24 Nov 2009 13:21:57 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: a new bind issue

I'm going to defer this assignment to MITRE. I suspect they've gotten a number of
requests for this one already (I want to avoid a duplicate assignment).

Thanks.

-- 
    JB


----- "Oden Eriksson" <oeriksson@...driva.com> wrote:

> Hello.
> 
> A new bind release is out there, it mentions:
> 
> "It addresses a potential cache poisoning vulnerability, in which data
> in the 
> additional section of a response could be cached without proper DNSSEC
> 
> validation."
> 
> "2772.   [security]      When validating, track whether pending data
> was from
>                         the additional section or not and only return
> it if
>                         validates as secure. [RT #20438]"
> 
> 
> A CVE should probably be assigned.
> 
> 
> -- 
> Regards // Oden Eriksson
> Security team manager - Mandriva

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.