[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

Lutz Donnerhacke lutz at iks-jena.de
Thu Jul 10 07:32:32 UTC 2008


* Patrick W. Gilmore wrote:
>> I'd worry, if I were you. "Trust the story". Once the story breaks,
>> you'll be able to test this for yourself.
>
> The last time we had something like this was the BGP/MD5 fiasco.  We  
> were told to trust the messengers, it was horrifically bad, the  
> Internet was about to die.

Let me tell the story differently: There will be an exploit in the wild
which allows any script kid to poison any address on any recursor as long
as DNSSEC is not applied. Updating the software as recommended throws the
script kiddies out; the exploit is still applicable.

The only remaining question is: Who will publish the existing exploit first?
There is no question that the exploit does exist.

Due to my dummy question yesterday I got several hints about what's going on.



