On Thu, Jul 10, 2008 at 12:14 AM, Mathieu SEGAUD <[EMAIL PROTECTED]> wrote:
> You recently told me:
>
>> On Wed, Jul 09, 2008 at 04:52:39PM +0200, Mathieu SEGAUD wrote:
>>> You recently told me:
>>>
>>> > Good morning,
>>> >
>>> > Today, I received an alert from one of my friends regarding
>>> > Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable
>>> > to cache poisoning.
>>> > http://www.kb.cert.org/vuls/id/800113
>>> >
>>> > I checked the above site, and found that most of the *BSD statuses are
>>> > unknown. Does this bug affect OpenBSD's default bind dns?
>>>
>>> OpenBSD's named is affected.
>>> It is a flaw in the DNS protocol, which means potentially *all*
>>> implementations are affected...
>>
>> Credit where credit is due: djbdns isn't.
>
> good to know. thanks. thus "potentially"
>
>> Without specifics on the issue, I can't tell if OpenBSD's bind is truly
>> vulnerable, but it certainly does use a fixed source port.
>
> Stuart Henderson already answered this question on misc@ (12:10 UTC,
> today). Named is vulnerable. The resolver is not :)
>
> --
> Mathieu
>
I just finished re-reading it right now. Thank you for the input, and I agree that at this moment we will be waiting for the latest official update from the OpenBSD developers. And probably a minor update for those who are deploying it over Debian.

Looks like it is time to patch it.
http://www.debian.org/security/2008/dsa-1603

Have a nice day!

-zamri-