[unisog] Query on CERT VU#800113

Doug Pearson dodpears at indiana.edu
Mon Jul 21 13:37:22 GMT 2008


Valdis.Kletnieks at vt.edu wrote:
> On Fri, 18 Jul 2008 21:40:29 EDT, Alan Clegg said:
> 
>> Were you already safe because you run an unaffected server?
> 
> Alan, I thought you knew better, unless you're intentionally baiting
> people. ;)
> 
> Folks - unless you've deployed DNSSEC, you are running an affected server,
> *even if you have installed the recent patches*.  All the patches do is make it
> more difficult to exploit the issue found by Dan Kaminsky, they do *NOT*
> totally remove it.
> 
> Repeat - The recent patches only make it more difficult, they do *not* remove it.

Hi Valdis,

Agreed that the patch doesn't completely fix the issue, it only makes 
exploitation more difficult, *but*, so that some don't thereby dismiss 
the importance of patching or otherwise protecting their infrastructure, 
it's probably best to mention that the patch offers a substantial degree 
of protection against what some have characterized as trivial* exploitation.

* we'll have to wait for Dan's talk to know for sure

Regards,

Doug Pearson



