AIX named8 & CVE-2008-1447 / VU#800113
Mark van Huijstee
huijstee at dds.nl
Wed Aug 13 21:07:51 UTC 2008
Hi,
As implementing the IBM provided fix for CVE-2008-1447/VU#800113 would mean
a lot of affort, I would like to find out if it is really needed.
Our scenario :
As the AIX resolver does not do any caching, we setup a caching only
nameserver (named8) with the following configuration :
options {
forward only;
forwarders { <IP DNS server1>;<IP DNS server2>; };
listen-on { 127.0.0.1; };
};
The /etc/resolf.conf only point to the loopback address.
The way I see it, is that in order to poison the cache the user needs to
have access to the system and run some kind of tool to perform the
poisoning.
As the named does not provide services to other hosts (it only listens to
the loopback address), the risk is very slim.
My task is to do a risk analysis and have the correct actions performed in
this matter (if needed).
I did open a service request with IBM, but I'm not sure if the reply will be
satisfying.
Maybe some of the bind guru's can give me some further insights/suggestions
in this matter!
Thanks a lot!
Kind regards,
Mark van Huijstee
More information about the bind-users
mailing list