[dns-operations] CVE 2015-8000 actively exploited yesterday

Jean-Yves Bisiaux jyb at efficientip.com
Thu Dec 17 05:28:42 UTC 2015


2015-12-17 0:50 GMT+01:00 Nick Urbanik <nick.urbanik at optusnet.com.au>:

> BIND really needs to have a better strategy to dealing with unexpected
> input other than by dying.
>

As you probably know, this REQUIRE check is a protection to prevent code
execution on states interpretation that was not foresee by the code. And
fortunately, ISC developers wisely take time to put these REQUIRE points in
the BIND code to keep the algorithm integrity. Excepted to make sure to
cover all state combinations (not reachable for human now) I don't see
other option.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20151217/a26ffeda/attachment.html>


More information about the dns-operations mailing list