[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:50776] Re: [Translate] [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

From: Kiyotaka ATSUMI <kiyotaka@xxxxxxxxx>
Subject: [debian-users:50776] Re: [Translate] [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Date: Thu, 24 Jul 2008 17:25:59 +0900
List-help: <mailto:debian-users-ctl@debian.or.jp?body=help>
List-id: debian-users.debian.or.jp
List-owner: <mailto:debian-users-admin@debian.or.jp>
List-post: <mailto:debian-users@debian.or.jp>
List-software: fml [fml 4.0.3 release (20011202/4.0.3)]
List-unsubscribe: <mailto:debian-users-ctl@debian.or.jp?body=unsubscribe>
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-users-ctl@debian.or.jp; help=<mailto:debian-users-ctl@debian.or.jp?body=help>
X-ml-name: debian-users
X-mlserver: fml [fml 4.0.3 release (20011202/4.0.3)]; post only (only members can post)
X-pgp-fingerprint: 9E2A 80B4 0F3D 424E 035F B594 991F 7795 DD6D 560F
X-pgp-key: http://www.ka-lab.jp/pubkey/kiyotaka-at-ka-lab.jp.asc
X-spam-checker-version: SpamAssassin 3.1.7-deb (2006-10-05) on osdn.debian.or.jp
X-spam-level:
X-spam-status: No, score=-1.8 required=10.0 tests=AWL,KI autolearn=disabled version=3.1.7-deb
References: <4874A665.9090100@xxxxxxxxxxxx>
Message-id: <20080724.172558.74734451.kiyotaka@xxxxxxxxx>
X-mail-count: 50776
X-mailer: Mew version 5.1.52 on Emacs 21.4 / Mule 5.0 (SAKAKI)

渥美と申します．

glibc関係のDNS詐称攻撃について質問させてください．

Debian-security-announceでは，

> --------------------------------------------------------------------------
> Debian Security Advisory DSA-1605-1                  security@debian.org
> http://www.debian.org/security/                           Florian Weimer
> July 08, 2008                         http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package        : glibc
> Vulnerability  : DNS キャッシュポイゾニング攻撃
> Problem type   : リモート
> Debian-specific: いいえ
> CVE Id(s)      : CVE-2008-1447
> CERT advisory  : VU#800113

ということで、debian依存ではないと主張されていますが，他のlinuxベンダ
等からglibcがらみでDNS詐称攻撃の危険性について言及しているページが見当
たりません．

debian以外では攻撃によるインパクトが小さいと評価されているのか？それと
も別の理由なのか？あるいは，他のベンダでもglibcがらみでちゃんとアナウ
ンスしているのに小生が知らないだけなのか？この辺りの事情を御存知の方が
いらっしゃいましたら，教えてください．

--
Kiyotaka ATSUMI, Suzuka National College of Technology
Web: https://www.ka-lab.jp/
PGP Public Key: https://www.ka-lab.jp/pubkey/kiyotaka-at-ka-lab.jp.asc
Finger Print: 9E2A 80B4 0F3D 424E 035F B594 991F 7795 DD6D 560F

Follow-Ups:
- [debian-users:50787] Re: [Translate] [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Hideki Yamane
- [debian-users:50788] Re: [Translate] [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Mitsuhiro Yamazaki

References:
- [debian-users:50727] [Translate] [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Seiji Kaneko

Prev by Date: [debian-users:50775] Re: ログイン直後にX Window Systemがハングアップ
Next by Date: [debian-users:50777] [Translate] [SECURITY] [DSA 1540-3] New lighttpd packages fix regression
Previous by thread: [debian-users:50727] [Translate] [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Next by thread: [debian-users:50787] Re: [Translate] [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Index(es):
- Date
- Thread