If the administrator of example.com publishes the example.com DNS data through tinydns and axfrdns, and includes data for sub.example.com transferred from an untrusted third party, then that third party can control cache entries for example.com, not just sub.example.com. This is the result of a bug in djbdns pointed out by Matthew Dempsky. (In short, axfrdns compresses some outgoing DNS packets incorrectly.)

More detailed description at:

Since I'm here, pacify portlint a bit by removing quotes from BROKEN messages.

Added file(s):
- files/patch-response.c

Port maintainer (roam@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.77

Responsible Changed
From-To: freebsd-ports-bugs->roam

Over to maintainer (via the GNATS Auto Assign Tool)

roam 2009-03-06 16:20:17 UTC

FreeBSD ports repository

Modified files:
  dns/djbdns           Makefile
Added files:
  dns/djbdns/files     patch-response.c

Log:
Fix the AXFR subdomain overwrite vulnerability discovered by Matthew Dempsky.
Also, fix the quoting of the BROKEN messages.

PR: 132366, 132349
Submitted by: Renato Botelho <garga@FreeBSD.org>, Howard Goldstein <hg@queue.to>

Revision  Changes  Path
1.34      +3 -3    ports/dns/djbdns/Makefile
1.1       +11 -0   ports/dns/djbdns/files/patch-response.c (new)

State Changed
From-To: open->closed

I've just committed the patch. Thanks!