lwip-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #42987] lwIP is vulnerable to DNS cache poisoning due


From: Simon Goldschmidt
Subject: [lwip-devel] [bug #42987] lwIP is vulnerable to DNS cache poisoning due to non-randomized TXIDs
Date: Fri, 15 Aug 2014 08:00:06 +0000
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36

Update of bug #42987 (project lwip):

                  Status:                    None => Confirmed              
             Assigned to:                    None => goldsimon              

    _______________________________________________________

Follow-up Comment #1:

Todd, I think you effectively went public by adding this item: somehow, even
though privacy is set to 'private', mails are sent to the lwip-devel list,
which can be subscribed by anybody.

As to the bug report: the DNS code is really bad in generating the IDs: it
just uses the table index, so it isn't even a counter.

I'll change that as soon as I find the time. However, since there is no
official release (1.4.2) planned any time soon, the patch will have to be
manually applied to products in question (for now).

As a side remark: how can DNS cache poisoning make the philips system
insecure? Don't they authenticate the server??

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?42987>

_______________________________________________
  Nachricht gesendet von/durch Savannah
  http://savannah.nongnu.org/




reply via email to

[Prev in Thread] Current Thread [Next in Thread]