lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1146418334.2038.1.camel@localhost.localdomain>
Date: Sun Apr 30 18:32:26 2006
From: barrie at reboot-robot.net (Barrie Dempster)
Subject: NISCC DNS Protocol Vulnerability

On Fri, 2006-04-28 at 22:59 +0300, Markus Jansson wrote: 
> http://www.niscc.gov.uk/niscc/vulnAdv-en.html
> "The vulnerabilities described in this advisory affect implementations 
> of the Domain Name System (DNS) protocol. Many vendors include support 
> for this protocol in their products and may be impacted to varying 
> degrees, if at all."

Not a lot of useful information provided though. The DNS testing tool
hasn't been publicly released by OUSPG yet, so researchers can't use it
to independently test the affected applications. Any advisories that
become apparent will come out individually anyway, so the information on
those vulnerabilities will be forthcoming. NISCC are markedly reserved
in giving out vulnerability information (ie.. they follow the vendors
lead), so anything shown there won't be news to those watching for
vendor announcements.

The other PROTOS test tools are fairly interesting, some of which have
been around for a while - but until the vendors release details/patches
or the DNS test tool is released, there isn't much to see here in
regards DNS vulnerabilities. There's some scraps of information which
would give an idea of where to look, but it basically boils down to
"Fuzz the DNS implementations".

-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

              - http://reboot-robot.net -

"He who hingeth aboot, geteth hee-haw" Victor - Still Game
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 1859 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060430/96261d72/smime.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ