[ CC'ing Ian. ]

Ian, are you planning a fix for this?

The relevant recommendations, btw, are available in an IETF draft RFC:

http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience

Thijs Kinkhorst wrote:
> Package: adns
> Version: 1.4-0.1
> Severity: important
> Tags: security
> 
> Hi,
> 
> From inspecting the code of adns, it seems that it is not using the
> recommended source port randomisation for countering the cache poisoning
> attack as discovered by Dan Kaminsky and referenced as CVE-2008-1447.
> 
> Since this is a stub resolver the risk is lesser than for caching
> nameservers, but nonetheless this is an issue which we really should be
> fixing in lenny. Can you please look into that? As it seems a fix for
> important bugs can still be granted a freeze exception.
> 
> If a straightforward fix is available for etch, it would be released by the
> security team.
> 
> thanks,
> Thijs

-- 
Robert Edmonds
[EMAIL PROTECTED]
