On Mar 14, 2014, at 7:06 AM, Stephane Bortzmeyer <bortzme...@nic.fr> wrote:
> On Fri, Mar 14, 2014 at 01:59:27PM +0000, > Nick Hilliard <n...@foobar.org> wrote > a message of 10 lines which said: > >> did you characterise what dns servers / embedded kit were >> vulnerable? > > He said "We have not been able to nail this vulnerability down to a > single box or manufacturer" so it seems the answer is No. It is my understanding that many CPEs work off of same reference implementation(s). I haven't had any cycles for this but with all the CPE issues out there it would be interesting to have a matrix of which CPEs utilize which reference implementation. That may start giving some clues. Has someone / is someone doing this? - merike
signature.asc
Description: Message signed with OpenPGP using GPGMail
