[dns-operations] After 6 months - fix available for Microsoft DNS cache poisoning attack (fwd)

B C brettlists at gmail.com
Fri May 9 23:41:58 UTC 2008


I can confirm as much as, while working in a large enterprise recently (at
which I am no longer employed) a member of MS staff did inform me that a
recent MS DNS patch did cause Memory leak issues and that a fix was in the
works, I can't however confirm the rest of the story.

Brett

On Fri, May 9, 2008 at 3:13 AM, Gadi Evron <ge at linuxbox.org> wrote:

> Forwarded as-is, no idea on authenticity.
>
>
> ---------- Forwarded message ----------
> Date: 8 May 2008 14:37:31 -0000
> From: rick.a.cook at gmail.com
> To: bugtraq at securityfocus.com
> Subject: Re: After 6 months - fix available for Microsoft DNS cache
> poisoning
>     attack
>
> After implementing this patch on a large scale network, it was discovered
> that this patch caused a dns memory leak. Microsoft has since corrected this
> issue with a private fix. Even worse, in my large enterprise, this patch
> caused the exact spoofing that it intended to prevent. Somehow the code to
> increase the entropy has caused random xid's to cross and spoof randomly,
> poisioning the cache through normal usage without the use of extracurricular
> programs. I've reported this to Microsoft and have been working with them in
> fixing this issue, which to date has not been fixed.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20080510/99404bfa/attachment.html>


More information about the dns-operations mailing list