[Cialtroni] [fw@deneb.enyo.de: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver]

8 Lug 2008


      sembra seria, raccomando a tutti di aggiornare il dns server.
io l'ho gia' fatto su laundry.
ciao...
----- Forwarded message from Florian Weimer fw@deneb.enyo.de -----
From: Florian Weimer fw@deneb.enyo.de
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub
    resolver
Date: Tue, 08 Jul 2008 19:05:29 +0200
X-Spam-Level: 
X-Mailing-List: debian-security-announce@lists.debian.org archive/latest/279
------------------------------------------------------------------------
Debian Security Advisory DSA-1605-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
July 08, 2008                         http://www.debian.org/security/faq
------------------------------------------------------------------------
Package        : glibc
Vulnerability  : DNS cache poisoning
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1447
CERT advisory  : VU#800113
Dan Kaminsky discovered that properties inherent to the DNS protocol
lead to practical DNS spoofing and cache poisoning attacks.  Among
other things, successful attacks can lead to misdirected web traffic
and email rerouting.
At this time, it is not possible to implement the recommended
countermeasures in the GNU libc stub resolver.  The following
workarounds are available:
1. Install a local BIND 9 resoler on the host, possibly in
forward-only mode.  BIND 9 will then use source port randomization
when sending queries over the network.  (Other caching resolvers can
be used instead.)
2. Rely on IP address spoofing protection if available.  Successful
attacks must spoof the address of one of the resolvers, which may not
be possible if the network is guarded properly against IP spoofing
attacks (both from internal and external sources).
This DSA will be updated when patches for hardening the stub resolver
are available.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


----- End forwarded message -----

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

[Cialtroni] [fw@deneb.enyo.de: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver]