[lwip-devel] [bug #42987] lwIP is vulnerable to DNS cache poisoning due
From: Simon Goldschmidt
Subject: [lwip-devel] [bug #42987] lwIP is vulnerable to DNS cache poisoning due to non-randomized TXIDs
Date: Fri, 15 Aug 2014 08:00:06 +0000
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36

Update of bug #42987 (project lwip):
Status: None => Confirmed
Assigned to: None => goldsimon
_______________________________________________________
Follow-up Comment #1:
Todd, I think you effectively went public by adding this item: somehow, even
though privacy is set to 'private', mails are sent to the lwip-devel list,
which anybody can subscribe to.
As to the bug report: the DNS code is really bad in generating the IDs: it
just uses the table index, so it isn't even a counter.
I'll change that as soon as I find the time. However, since there is no
official release (1.4.2) planned any time soon, the patch will have to be
manually applied to products in question (for now).
As a side remark: how can DNS cache poisoning make the Philips system
insecure? Don't they authenticate the server??
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?42987>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
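
The ID generation discussed in the message above, as an added example that is not part of the original mail and is not lwIP code: a table-index TXID next to a randomized one, plus the response check that depends on it. All names, the table size and the use of /dev/urandom are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define TABLE_SIZE 4 /* constructed value, not lwIP's configuration */
struct dns_entry { int in_use; uint16_t txid; };
static struct dns_entry table[TABLE_SIZE];

/* Scheme described in the mail: the TXID is just the table index. */
static uint16_t txid_from_index(int slot) { return (uint16_t)slot; }

/* 16 bits from the OS CSPRNG (assumption: /dev/urandom exists). */
static uint16_t rand16(void) {
    uint16_t v = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&v, sizeof v, 1, f) != 1) abort();
    fclose(f);
    return v;
}

/* Hardened: random TXID, redrawn while any pending query already uses it. */
static uint16_t txid_random(void) {
    for (;;) {
        uint16_t id = rand16();
        int clash = 0;
        for (int i = 0; i < TABLE_SIZE; i++)
            if (table[i].in_use && table[i].txid == id) clash = 1;
        if (!clash) return id;
    }
}

/* Mark a slot pending and return the TXID that goes into the request. */
static uint16_t start_query(int slot, int hardened) {
    uint16_t id = hardened ? txid_random() : txid_from_index(slot);
    table[slot] = (struct dns_entry){ 1, id };
    return id;
}

/* Accept a response only if its TXID matches a pending query; -1 = drop. */
static int match_response(uint16_t txid) {
    for (int i = 0; i < TABLE_SIZE; i++)
        if (table[i].in_use && table[i].txid == txid) { table[i].in_use = 0; return i; }
    return -1;
}

int main(void) {
    unsigned weak = start_query(0, 0), strong = start_query(0, 1);
    printf("slot 0: index TXID %u, random TXID %u\n", weak, strong);
    return 0;
}
```

With the index scheme every lookup that lands in a given slot carries the same TXID, so the ID check in `match_response` adds nothing an off-path sender could not predict.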