[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning
Jeremy C. Reed
reed at reedmedia.net
Wed Jul 9 10:58:54 UTC 2008
On Wed, 9 Jul 2008, Lutz Donnerhacke wrote:
> * Duane Wessels wrote:
> > http://www.kb.cert.org/vuls/id/800113
> > Recent additional research into [DNS defects and deficiencies]
> > and methods of combining them to conduct improved cache poisoning
> > attacks have yielded extremely effective exploitation techniques.
>
> That is very weak claim. Poisoning is not a new problem. What is really
> new?
Quoting from the above URL: "DNS cache poisoning is not a new concept" and
"Recent additional research into these issues and methods of combining
them to conduct improved cache poisoning attacks have yielded extremely
effective exploitation techniques."
Yesterday the media was told "We are not telling you how it works
... severity can be shown by who is all involved."
Again emphasizing from US-CERT above: "extremely effective exploitation".
More information about the dns-operations
mailing list