[unisog] Query on CERT VU#800113
dodpears at indiana.edu
Mon Jul 21 13:37:22 GMT 2008
Valdis.Kletnieks at vt.edu wrote:
> On Fri, 18 Jul 2008 21:40:29 EDT, Alan Clegg said:
>> Were you already safe because you run an unaffected server?
> Alan, I thought you knew better, unless you're intentionally baiting
> people. ;)
> Folks - unless you've deployed DNSSEC, you are running an affected server,
> *even if you have installed the recent patches*. All the patches do is make it
> more difficult to exploit the issue found by Dan Kaminsky, they do *NOT*
> totally remove it.
> Repeat - The recent patches only make it more difficut, they do *not* remove it.
Agreed that the patch doesn't completely fix the issue, it only makes
exploitation more difficult, *but*, so that some don't thereby dismiss
the importance of patching or otherwise protecting their infrastructure,
it's probably best to mention that the patch offers a substantial degree
of protection against what some have characterized as trivial* exploitation.
* we'll have to wait for Dan's talk to know for sure
More information about the unisog