Re: SNI-12: Update

Perry E. Metzger (perry@piermont.com)
Tue, 22 Apr 1997 23:39:44 -0400

Oliver Friedrichs writes:
> I apologize for causing more traffic on this, however the patches in the
> advisory "SNI-12: BIND Vulnerabilities and Solutions" were modified by PGP
> when signing the message and will not apply without some hacking.
>
> Copies of the patches (both context and unified formats) can be obtained
> from ftp://ftp.secnet.com/pub/patches.

The patches given seem woefully inadequate in several respects -- a
bad, easily predicted pseudorandom number generator being just one of
the problems.

The right technique is probably to adapt the methods used to prevent
TCP sequence number guessing that were proposed by Steve Bellovin in
RFC1948.

Perry

> A Windows NT version of the fixed BIND should also be available soon until
> an official release is made (this is not the Microsoft DNS server, however
> BIND ported to Windows NT). It will be available in the same directory.
>
> - Oliver
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Secure Networks Incorporated. Calgary, Alberta, Canada, (403) 262-9211
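
Added example, not part of the original message or of any BIND patch: the RFC 1948 scheme referred to above, ISN = M + F(localhost, localport, remotehost, remoteport), sketched in Python to show why a value observed on one connection does not predict the value used on another. HMAC-SHA256 stands in for the keyed hash; the secret, addresses and function names are constructed for illustration, and how the idea would map onto BIND's query IDs is not specified in the message and is not shown.

```python
import hashlib
import hmac
import socket
import struct

MASK32 = 0xFFFFFFFF


def tuple_offset(secret: bytes, laddr: str, lport: int,
                 raddr: str, rport: int) -> int:
    """F(localhost, localport, remotehost, remoteport), keyed with a secret.

    Without the secret, an observer cannot compute the offset for a
    connection tuple other than the ones it has already seen.
    """
    conn_id = (socket.inet_aton(laddr) + struct.pack("!H", lport)
               + socket.inet_aton(raddr) + struct.pack("!H", rport))
    digest = hmac.new(secret, conn_id, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def rfc1948_isn(secret: bytes, laddr: str, lport: int,
                raddr: str, rport: int, clock_us: int) -> int:
    """ISN = M + F(...), where M is a counter ticking every 4 microseconds."""
    m = (clock_us // 4) & MASK32
    return (m + tuple_offset(secret, laddr, lport, raddr, rport)) & MASK32


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed value, per-boot in practice
    now_us = 1_000_000                    # constructed clock reading
    # Two clients talking to the same server port at the same instant
    # (addresses are from the documentation ranges).
    for client in ("198.51.100.7", "198.51.100.8"):
        isn = rfc1948_isn(secret, "192.0.2.1", 53, client, 40000, now_us)
        print(f"{client}: ISN = {isn:#010x}")
```

Within one connection tuple the sequence space still advances with the clock, as TCP requires; only the per-tuple starting offset is hidden behind the secret.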