You recently told me:

> On Wed, Jul 09, 2008 at 04:52:39PM +0200, Mathieu SEGAUD wrote:
>> You recently told me:
>>
>> > Good morning,
>> >
>> > Today, I received an alert from one of my friends regarding
>> > Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable
>> > to cache poisoning.
>> > http://www.kb.cert.org/vuls/id/800113
>> >
>> > I checked the above site, and found that most of the *BSD statuses are
>> > unknown. Does this bug affect OpenBSD's default bind dns?
>>
>> OpenBSD's named is affected.
>> It is a flaw in the DNS protocol, which means potentially *all*
>> implementations are affected...
>
> Credit where credit is due: djbdns isn't.

good to know. thanks. thus "potentially"

> Without specifics on the issue, I can't tell if OpenBSD's bind is truly
> vulnerable, but it certainly does use a fixed source port.

Stuart Henderson already answered this question on misc@ (12:10 UTC,
today). Named is vulnerable. The resolver is not :)

-- 
Mathieu