Hi,
Version 0.2 of UDNS supports random selection of Transaction
ID and Source Port.
This would 'solve' the RC-bug.
Not much packages
depens on UDNS, only Jabber2d does. Because Jabber2 won't
migratie to
another DNS-resolver I think UDNS has to continue in Debian.
I have
uploaded the new
After several years of silence I'm about to release
a new version of udns, with just one bugfix and a change
from sequentional queue IDs for queries to random, using
a simple pseudo-random number generator by Bob Jenkins.
This affects queueIDs _only_, not source port, because
by design udns uses
On Wed, Dec 01, 2010 at 06:44:26PM +0300, Michael Tokarev wrote:
After several years of silence I'm about to release
a new version of udns, with just one bugfix and a change
from sequentional queue IDs for queries to random, using
a simple pseudo-random number generator by Bob Jenkins.
This
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: udns
Subject: udns: Transaction ID and Source Port not random enough
Version: 0.0.9-2
Severity: grave
Tags: security
Consecutive queries use the same initial fixed random port and
consecutive transaction IDs. This allow exploits using
4 matches
Mail list logo