Solaris Clients
Kevin Darcy
kcd at chrysler.com
Fri Jul 11 20:54:15 UTC 2008
Campbell, Paula - Kansas City, MO wrote:
> In looking I have not found any references to Solaris clients being
> vulnerable. Does anyone know if the clients are vulnerable to
> CVE-2008-1447?
>
>
Define what you mean by "client". If you're talking about a Sun
workstation running its own (BIND-based) caching nameserver, then yes,
this vulnerability applies to that, as it does to all "named" instances
that perform recursion.
If you're talking about a Solaris box functioning as a "stub resolver"
(i.e. the "nameserver" entries in /etc/resolv.conf all point to other
boxes), then, based on some brief testing I just did (Solaris 9), it
appears that the source port that the Solaris resolver libraries use for
outgoing queries is *sequential*, so it's already trivially guessable
and this vulnerability doesn't apply to it.
Fortunately, Solaris stub resolvers usually only talk to their
nameservers over relatively-secure links, and generally (unless someone
is foolish enough to leave the "hosts" cache of nscd enabled) don't
cache, so even if a response is forged, the damage is limited. Caveat:
applications which do DNS lookups may do their own caching of the results.
- Kevin
More information about the bind-users
mailing list