Recent ISS Security Announcement

Ragnar Paulson ragnar at wanware.com
Thu Nov 14 20:23:23 UTC 2002



Forgive me if this has been hashed out already. I searched the archives
at Marc and didn't find what I was looking for.

The ISS security announcement about SIG RR suggests that a nameserver
doing a recursive lookup for a client can cache bad data that may lead
to an exploit.  There is no known exploit.  Have I understood this
correctly?

What is not clear to me at all is who can cause the buffer overflow?
The client for whom the dns is doing the recursion or the malicious
remote nameserver that sent the bad "SIG RR"?

Put another way, if I have named/bind configured to only allow recursion
to local users ... is this still remotely exploitable?

Thanks in advance,
Ragnar Paulson

----
Ragnar Paulson                   ragnar at wanware.com
The Software Group Limited
705 725 9999 x21

