CVE-2008-1447 v. glibc

Adam Tkac atkac at redhat.com
Wed Jul 9 11:38:38 UTC 2008


On Wed, Jul 09, 2008 at 04:20:54AM +0000, Bojan Smojver wrote:
> Jeffrey Ollie <jeff <at> ocjtech.us> writes:
> 
> > I think that the problem is mostly a server problem
> 
> According to this:
> 
> http://www.kb.cert.org/vuls/id/800113
> 
> It is not just a server problem:
> 
> "These caching resolvers are the most common target for attackers; however, stub
> resolvers are also at risk."
> 
> [...]
> 
> "As mentioned above, stub resolvers are also vulnerable to these attacks. Stub
> resolvers that will issue queries in response to attacker behavior, and may
> receive packets from an attacker, should be patched. System administrators
> should be alert for patches to client operating systems that implement port
> randomization in the stub resolver."
> 
> AFAIK, glibc is stub resolver on Fedora, hence the question.
> 
> --
> Bojan

In my opinion endpoint stub resolvers are not so vulnerable. If you want
spoof DNS data to resolver you have to force that resolver to
send query for name that you know - which is often impossible in
glibc's resolver case (AFAIK only happen when attacker opens
connection to some service and that service asks for attacker's
reverse DNS record for example).

Adam

-- 
Adam Tkac, Red Hat, Inc.




More information about the fedora-devel-list mailing list