[Full-disclosure] djbdns misformats some long response packets; patch and example attack
Jeremy Brown
0xjbrown41 at gmail.com
Thu Mar 5 16:20:42 GMT 2009
With all due respect, this isn't the first security hole found in Mr.
Bernstein's software, but seemingly the first he will actually
acknowledge. Well done, Matthew Dempsky.
On Thu, Mar 5, 2009 at 1:05 AM, Matthew Dempsky <matthew at dempsky.org> wrote:
> As a final update to this thread: Dan Bernstein acknowledged this bug
> as a security hole in djbdns and recommends that users install my
> patch. A copy of his post is available at
> http://marc.info/?l=djbdns&m=123613000920446&w=2.
>
Full-Disclosure is hosted and sponsored by Secunia.