PLEASE READ: An Important Security Announcement from ISC
Kazunori Fujiwara
fujiwara at wide.ad.jp
Wed Feb 8 10:40:51 UTC 2012
Searching the title of the vulnerability with google results one PDF document.
http://www.google.co.jp/#q=Ghost+Domain+Names:+Revoked+Yet+Still+Resolvable+PDF
It shows details.
--
Kazunori Fujiwara
> From: Michael McNally <mcnally at isc.org>
> PLEASE READ: An important security announcement from ISC
>
> ISC has been notified by Haixin Duan (a professor at Tsinghua
> University in Beijing China, who is currently visiting the
> International Computer Science Institute (ICSI) at the University
> of California, Berkeley) about a DNS resolver vulnerability that
> potentially allows a party to keep a domain name in the cache
> even after that domain name has been expired
>
> ISC is evaluating the risk of this vulnerability, but his published
> paper shows how this was demonstrated, live across the Internet.
> It lists several DNS implementations and open resolver deployments
> as vulnerable. All BIND 9 versions are currently considered
> vulnerable.
>
> A more detailed description of this vulnerability and ISC's
> planned response can be found at:
>
> https://www.isc.org/software/bind/advisories/cve-2012-1033
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
More information about the bind-users
mailing list