ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

[ga] Notice: Another DNS security hole recognized

  • To: Ga <ga@xxxxxxxxxxxxxx>
  • Subject: [ga] Notice: Another DNS security hole recognized
  • From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Date: Wed, 30 Jul 2008 19:35:41 -0700

All,

  As if one was not enough, eh!  Well like I have been harping
on, here is another that has finally been recognized that has
been around for awhile as well...

  Seems that the ISC hasn't fixed or reported this one either... >:(

  Here also is a new tool for users or admins. to check with:
https://www.dns-oarc.net/oarc/services/dnsentropy


08.31.22 CVE: CVE-2008-1447
Platform: Cross Platform
Title: Multiple Vendor DNS Protocol Insufficient Transaction ID
Randomization DNS Spoofing
Description: Multiple vendors' implementations of the DNS protocol are
exposed to a DNS-spoofing issue because the software fails to securely
implement random values when performing DNS queries. Microsoft Windows
DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS
releases are affected.
Ref: http://www.securityfocus.com/archive/1/494716


Regards,

Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827




<<< Chronological Index >>>    <<< Thread Index >>>