CVE-2008-1447 v. glibc

Benny Amorsen benny+usenet at amorsen.dk
Wed Jul 9 09:41:00 UTC 2008


Tom Lane <tgl at redhat.com> writes:

> The normal configuration for a stub resolver is that it's only pointed
> to locally-controlled caching servers; so long as you've fixed those
> servers, you should be safe AFAICS.

The attacker sends reply packets with the source-address of the
locally-controlled caching server. Network firewalls and reverse
path-checking can prevent this attack, but you cannot assume that all
machines with Fedora are behind routers and firewalls set up to
prevent the attack.

> If this analysis is not correct, I'd like to be informed by some means
> more polite than breaking into my home machines ;-)

Don't worry, I won't tell anyone that your root password is 12345.


/Benny
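Added example, not part of the original message and not glibc's code: a sketch of the checks a stub resolver can apply to a UDP reply, showing that the source-address check compares a field the sender writes. The server address, port, query name and function names are constructed for illustration.

```python
import struct

SERVER = ("192.0.2.53", 53)  # constructed: the configured caching server
LOCAL_PORT = 40000           # constructed: UDP port the stub sent from

def build_query(txid, qname, qtype=1):
    """Encode a minimal DNS query: 12-byte header plus one IN question."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def make_reply(query, txid):
    """Constructed NOERROR response with no answers, echoing the question."""
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0) + query[12:]

def reply_acceptable(query, sent_to, local_port, reply, reply_from, reply_dport):
    """Return (ok, reason) for one received datagram.

    Every value compared here is copied from the packet. The source
    address is whatever the sender wrote, so that check only filters
    senders that do not forge it; the local port and the 16-bit ID are
    the only values an off-path sender cannot read from configuration.
    """
    if reply_from != sent_to:
        return False, "not from the server we queried"
    if reply_dport != local_port:
        return False, "arrived on a port we did not query from"
    if len(reply) < 12:
        return False, "truncated header"
    r_id, r_flags, r_qdcount = struct.unpack("!HHH", reply[:6])
    (q_id,) = struct.unpack("!H", query[:2])
    if not r_flags & 0x8000:
        return False, "QR bit clear, not a response"
    if r_id != q_id:
        return False, "transaction ID mismatch"
    if r_qdcount != 1 or reply[12:len(query)] != query[12:]:
        return False, "question section does not echo the query"
    return True, "accepted"

if __name__ == "__main__":
    q = build_query(0x1A2B, "example.com")
    for label, pkt, src in [
        ("genuine reply", make_reply(q, 0x1A2B), SERVER),
        ("other source address", make_reply(q, 0x1A2B), ("198.51.100.7", 53)),
        ("wrong ID, server's address", make_reply(q, 0x1A2C), SERVER),
    ]:
        print(label, "->", reply_acceptable(q, SERVER, LOCAL_PORT, pkt, src, LOCAL_PORT))
```

Nothing in these checks authenticates the sender, which is why the reply above names filtering at the network edge (firewalls, reverse-path checking) as what actually stops packets bearing the caching server's address from arriving.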





More information about the fedora-devel-list mailing list