[dns-operations] Wormable RCE in MS Windows DNS Server CVE-2020-1350
dot at dotat.at
Mon Jul 20 21:08:17 UTC 2020
Alexander Bochmann <ab at lists.gxis.de> wrote:
> Would other nameservers drop a reply where this scheme with pointer
> compression resulting in a very large Signer's Name field is
> being used? It doesn't look invalid as such.
Name compression isn't allowed in SIG / RRSIG / NSEC, which are the
records that can be used to trigger this bug. A server would be justified
to drop responses with compressed names in the wrong place, but I don't
know how strict other implementations are in practice.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
promote human rights and open government
More information about the dns-operations