近期发现BIND9存在新漏洞,攻击者可远程利用此漏洞进行缓存中毒。OpenBSD版BIND9因采用线性同余发生器而非线性反馈移位寄存器,故不受该漏洞影响。
as some of you may have noticed, a new weakness in BIND 9 has recently been discovered. using this weakness, an attacker can remotely poison the cache of any BIND 9 server. the attacker can do this due to a weakness in the transaction ID generation algorithm used.
when BIND 9 was first imported into OpenBSD, we decided not to use the default ID generation algorithm (LFSR, Linear Feedback Shift
Register) but to use a more proven algorithm (LCG, Linear Congruential Generator) instead. thanks to this wise decision, the BIND 9 shipped with OpenBSD does not have this weakness.
Register) but to use a more proven algorithm (LCG, Linear Congruential Generator) instead. thanks to this wise decision, the BIND 9 shipped with OpenBSD does not have this weakness.
the proactive security of OpenBSD strikes again,
jakob
==============================================================================
A glance at the README.OpenBSD file for 4.1 in /usr/src/usr.sbin/bind shows (among other things):
- add LCG (Linear Congruential Generator) implementation to libisc
- use LCG instead of LFSR for ID generation until LFSR is proven reliable
- strlcpy/strlcat/snprintf fixes
- use LCG instead of LFSR for ID generation until LFSR is proven reliable
- strlcpy/strlcat/snprintf fixes
Without digging into things deeper, it looks like this is unlikely to be an issue since the OBSD version doesn't rely on LFSR.
==============================================================================
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
