dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities
Simon Kelley reports:
There are broadly two sets of problems. The first is subtle errors
in dnsmasq's protections against the chronic weakness of the DNS
protocol to cache-poisoning attacks; the Birthday attack, Kaminsky,
the second set of errors is a good old fashioned buffer overflow in
dnsmasq's DNSSEC code. If DNSSEC validation is enabled, an
installation is at risk.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright