[dns-operations] Wormable RCE in MS Windows DNS Server CVE-2020-1350

Tony Finch dot at dotat.at
Mon Jul 20 21:08:17 UTC 2020


Alexander Bochmann <ab at lists.gxis.de> wrote:
>
> Would other nameservers drop a reply where this scheme with pointer
> compression resulting in a very large Signer's Name field is
> being used? It doesn't look invalid as such.

Name compression isn't allowed in SIG / RRSIG / NSEC, which are the
records that can be used to trigger this bug. A server would be justified
to drop responses with compressed names in the wrong place, but I don't
know how strict other implementations are in practice.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
promote human rights and open government


More information about the dns-operations mailing list