3. *Vulnerability Description*
DNS spoofing and cache poisoning attacks have been known security
threats since the early 1990s. They result from design weaknesses of the
DNS protocol, as described by Christopher Schuba [1] and Paul Vixie [2].
In 1997, a practical implementation of a blind remote DNS cache poisoning
attack that relies solely on exploiting the predictability of the ID
field of DNS query packets was described by Arce and Kargieman [3]. This
was followed by further refinements and advances in attack
techniques by Vagner Sacramento [4] and Joe Stewart [5] in 2002. Amit
Date: October 11th - 14th 2010
Venue: Crowne Plaza Mutiara Kuala Lumpur
Keynote 1: Chris Wysopal (CTO/Co-Founder, Veracode)
Keynote 2: Paul Vixie (President, ISC)
Day 2 (14th Oct) Special Keynote Panel Discussion
"The Future of Mobile Malware & Cloud Computing"
Keynote Panelist 1: Mikko Hypponen
* TECH TRAINING 3 - SAP Security In-Depth
* TECH TRAINING 4 - Hunting Web Attackers
Date: October 13th - Conf Day 1
* Keynote 1: Chris Wysopal (CTO/Co-Founder, Veracode)
* Keynote 2: Paul Vixie (President, ISC)
Date: October 14th - Conf Day 2
* Special Keynote Panel Discussion - "The Future of Mobile Malware & Cloud Computing"
* Keynote Panelist 1: Mikko Hypponen (F-Secure)
CVE-2007-4497). Another unspecified vulnerability related to untrusted
virtual machine images was discovered (CVE-2007-5617).
VMware products also shipped code copies of software with several
vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT
Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow
(GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813,
CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146).
Impact
======
-Amit
Gadi Evron wrote:
> This is Paul Vixie's response on this, when I asked him for verification:
>
> -----
> this bug has been reported over and over again for a dozen years. it's
> odd to have to keep fixing it-- i fixed it in bind4 and bind8 when theo
> de raadt offered me his random number generator to use. bind9 should've
This is Paul Vixie's response on this, when I asked him for verification:
-----
this bug has been reported over and over again for a dozen years. it's
odd to have to keep fixing it-- i fixed it in bind4 and bind8 when theo
de raadt offered me his random number generator to use. bind9 should've
used that same one but apparently didn't. note that with this fix, the
difficulty in poisoning someone's cache rises from "a few tens of seconds"
to "a few minutes". it's a 16-bit field. not a lot of room for
randomness or unpredictability. only DNSSEC, a protocol change, fixes
On Thu, Jul 26, 2007 at 11:40:55PM -0500, Gadi Evron wrote:
> This is Paul Vixie's response on this, when I asked him for verification:
>
> -----
> this bug has been reported over and over again for a dozen years. it's
> odd to have to keep fixing it-- i fixed it in bind4 and bind8 when theo
> de raadt offered me his random number generator to use. bind9 should've
> used that same one but apparently didn't. note that with this fix, the
> difficulty in poisoning someone's cache rises from "a few tens of seconds"
> to "a few minutes". it's a 16-bit field. not a lot of room for