[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] keyserver stats gathering
|
From: |
Mire, John |
|
Subject: |
Re: [Sks-devel] keyserver stats gathering |
|
Date: |
Wed, 24 Feb 2016 13:02:03 +0000 |
On 2/24/2016 03:35, Kristian Fiskerstrand wrote:
> On 02/24/2016 10:19 AM, Mire, John wrote:
>
>> The gossip, queries and stats traffic is not a problem, according
>> to Security, what they were questioning me about was the queries to
>> the server flagging CVE-2014-3207 as a concern. I had to look up
>> this vuln and couldn't answer their questions. I know I'm running
>>> = 1.1.5 so I don't have to worry. So if there are scripts being
>> run against the server that should be whitelisted, it's not
>> documented anywhere they could find, including the wiki and the
>> associated links for source.
> Heh,
>
> Yeah, that'd be one of mine. SKS 1.1.5 is not affected, but there
> possible server mitigations for lower versions so simple test is made:
>
> https://git.sumptuouscapital.com/?p=sks-keyservers-pool.git;a=blob;f=sks-keyservers.net/status-srv/test_cve-2014-3207.sh;h=a4a959e67461cf2d68c23ed5a5dd161d693d87eb;hb=HEAD
>
>
Thanks! I'll forward that to them.
/john
--
John Mire: address@hidden
LSU Health System