[dns-operations] Wormable RCE in MS Windows DNS Server CVE-2020-1350

Tony Finch dot at dotat.at
Thu Jul 23 13:07:17 UTC 2020


Brian Somers <bsomers at opendns.com> wrote:

> RFC 3597 section 4 backtracks on this a little and suggests that resolvers
> SHOULD decompress SIG (and others) because it was a mistake to allow
> it to be compressed in the first place.

Oh! thanks for pointing that out, I had it in my head that compression was
simply not allowed for records newer than RFC 1035, but of course this is
the DNS so "simply" is always a snare and a delusion.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Shannon, Rockall: Variable 3 or 4 backing south or southeast, veering
southwest later, 5 or 6. Slight or moderate. Occasional rain, fog patches.
Moderate or good, occasionally very poor.


More information about the dns-operations mailing list