[Dnsmasq-discuss] Question about DNS vunlerabiltiy in dnsmasq

A C agcme at hotmail.com
Wed Jul 23 00:30:26 BST 2008




> Date: Tue, 22 Jul 2008 18:05:27 +0100
> From: simon at thekelleys.org.uk
> To: agcme at hotmail.com
> CC: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] Question about DNS vunlerabiltiy in dnsmasq
> 
> A C wrote:
> > I'm running dnsmasq 2.35 but it's on an embedded system and the package 
> > manager hasn't created a new version yet.  I wanted to know how 
> > vulnerable I was to the recent security alert regarding DNS and whether 
> > there's a potential workaround that I could put in place for now.
> > 
> 
> "How vulnerable" is a difficult question. AFAIK, the attack hasn't been 
> seen in the wild, and it's assumed that the Bad Guys don't know it, so 
> you're absolutely safe until Dan Kaminsky spills the beans (August?)
> 
> Does that give you enough time to get a new version in place?
> 
> Simon.

Well, not really.  I don't have the ability to generate a package for the embedded system so I'm at the mercy of the package maintainer.  I've already mailed them to see if they'll update but it may be a while and I was hoping there was a reasonable workaround that could be implemented in the interim or until I can get a replacement router in place that doesn't require package management.

_________________________________________________________________
Use video conversation to talk face-to-face with Windows Live Messenger.
http://www.windowslive.com/messenger/connect_your_way.html?ocid=TXT_TAGLM_WL_Refresh_messenger_video_072008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20080722/ac5a6040/attachment.htm


More information about the Dnsmasq-discuss mailing list