[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:50796] Re: [Translate] [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

From: Kiyotaka ATSUMI <kiyotaka@xxxxxxxxx>
Subject: [debian-users:50796] Re: [Translate] [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Date: Mon, 28 Jul 2008 19:44:46 +0900
List-help: <mailto:debian-users-ctl@debian.or.jp?body=help>
List-id: debian-users.debian.or.jp
List-owner: <mailto:debian-users-admin@debian.or.jp>
List-post: <mailto:debian-users@debian.or.jp>
List-software: fml [fml 4.0.3 release (20011202/4.0.3)]
List-unsubscribe: <mailto:debian-users-ctl@debian.or.jp?body=unsubscribe>
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-users-ctl@debian.or.jp; help=<mailto:debian-users-ctl@debian.or.jp?body=help>
X-ml-name: debian-users
X-mlserver: fml [fml 4.0.3 release (20011202/4.0.3)]; post only (only members can post)
X-pgp-fingerprint: 9E2A 80B4 0F3D 424E 035F B594 991F 7795 DD6D 560F
X-pgp-key: http://www.ka-lab.jp/pubkey/kiyotaka-at-ka-lab.jp.asc
X-spam-checker-version: SpamAssassin 3.1.7-deb (2006-10-05) on osdn.debian.or.jp
X-spam-level:
X-spam-status: No, score=-1.9 required=10.0 tests=AWL,KI autolearn=disabled version=3.1.7-deb
References: <4874A665.9090100@xxxxxxxxxxxx> <20080724.172558.74734451.kiyotaka@xxxxxxxxx> <A59829B2EBB04AD8AF5F91D8C2705086@none697a1tscnb>
Message-id: <20080728.194445.41640112.kiyotaka@xxxxxxxxx>
X-mail-count: 50796
X-mailer: Mew version 5.1.52 on Emacs 21.4 / Mule 5.0 (SAKAKI)

渥美です．情報ありがとうございます．

"Mitsuhiro Yamazaki" <mitsuhiro@xxxxxxxxxxxxx> wrote (Sun, 27 Jul 2008 19:27:02 +0900)

> > ということで、debian依存ではないと主張されていますが，他のlinuxベンダ
> > 等からglibcがらみでDNS詐称攻撃の危険性について言及しているページが見当
> > たりません．
> 
> cache poisoning glibc -debian
> 
> でググるといくつかひっかかりました。

あれ，調査不足を補って頂きありがとうございます．確かにいろいろ出ている
ことが分かりました．

> http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2008-04/msg00004.html

こちらは，[g]libcが用意するrand()関数を使ったportのランダム化は予測が
可能で危険ですよ，と言っている感じで，[g]libc内に埋め込まれたstub
resolverのことではなさそうです．

stub resolverについての評価については難しい所ですが，work aroundで推奨
しているcache serverを自前で建てる方法には不安を感じます．DNSを管理す
るということが良く分からずにwork aroundを実践してしまうとかえって傷口
を拡げそうです．

人に説明する必要がありそうなので，いろいろ質問させてもらっていますが，
悩みは深まるばかりにおもえます。'_`;

--
Kiyotaka ATSUMI, Suzuka National College of Technology
Web: https://www.ka-lab.jp/
PGP Public Key: https://www.ka-lab.jp/pubkey/kiyotaka-at-ka-lab.jp.asc
Finger Print: 9E2A 80B4 0F3D 424E 035F B594 991F 7795 DD6D 560F

References:
- [debian-users:50727] [Translate] [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Seiji Kaneko
- [debian-users:50776] Re: [Translate] [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Kiyotaka ATSUMI
- [debian-users:50788] Re: [Translate] [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Mitsuhiro Yamazaki

Prev by Date: [debian-users:50795] Re: Audaciousが起動しない
Next by Date: [debian-users:50797] [Translate] [SECURITY] [DSA 1621-1] New icedove packages fix several vulnerabilities
Previous by thread: [debian-users:50788] Re: [Translate] [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Next by thread: [debian-users:50728] [Translate] [SECURITY] [DSA 1604-1] BIND 8 deprecation notice
Index(es):
- Date
- Thread