<DocScrutinizer05>
is this a severe security threat or just a funny sidenote?
<wpwrak>
nicely detailed report. sounds as if it might be nasty. i like this section: "Mitigations that don't work" :)
<kyak>
disturbing thing is that this flaw has been there since 2008
<kyak>
i wonder if the attacked person would know about the attack (for example, his dns lookup utility would segfault or what?)
<kyak>
if it's just a nice way to execute code remotely from DNS server, who knows how many times this has already been exploited
pcercuei has quit [Quit: leaving]
<wpwrak>
the more eyes of "whitehats" that are looking at things, the more likely the fixes will be around by the time the blackhats get wind of their opportunity
<DocScrutinizer05>
kyak: (2008) indeed
<kyak>
sure, sure, but such reports only make me more suspicious and paranoid :)
<DocScrutinizer05>
(who knows how many times) indeed 2
<DocScrutinizer05>
>> Description ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.<<
<kyak>
ah yeah, makes sense
<kyak>
btw, the PoC dns server indeed crashes not only the test client, but any other application that attempts dns resolving (it segfaults)
<kyak>
where there is a segfault, there is an opportunity for remote code execution, if i understand correctly
<larsc>
not always
<larsc>
time to reboot all the machines though
<kyak>
this is how fast you updated? :)
<larsc>
too slow?
<larsc>
everything exploited already?
<kyak>
you still have a chance, if you reboot now!
<larsc>
already rebooted a few hours ago when the announcement came out
<DocScrutinizer05>
how does reboot help? you need updates first, no?
sandeepkr has quit [Ping timeout: 264 seconds]
<DocScrutinizer05>
kyak: is there a *public* PoC server?
<DocScrutinizer05>
kyak: anyway yes, when you suffered an exploit of this vuln, your app prolly would _not_ segfault
pcercuei has joined #qi-hardware
<DocScrutinizer05>
as a rule of thumb when it segfaults the process terminates and can't do further malicious stuff, so exploits will try to keep the process alive
<kyak>
DocScrutinizer05: don't know if there is a public PoC server, i ran the code from github url above
<DocScrutinizer05>
:nod:
<DocScrutinizer05>
would be funny to have an IP ready
<DocScrutinizer05>
of course you can run a LAN-local rogue server on your company's LAN ;-) BOFH leisure fun
<DocScrutinizer05>
kyak: do you still have the thing working? could you test for me how much output a "host -a ct.de" produces before the process segfaults? does it show the DNS server IP before it goes south?
<DocScrutinizer05>
would be a lame prank if the user could tell from stdout remnants that there's sth odd with the DNS server IP used
<DocScrutinizer05>
sure you could handle this inside routes on router....