24 May
2005
24 May
'05
11:02 a.m.
On Tuesday 24 May 2005 2:57 pm, Fergie (Paul Ferguson) wrote:
UNIRAS (UK Gov CERT)/NISCC: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
Seems to be similar to an issue discussed on Bugtraq in 1999 where they looked to exploit the recursive nature of some DNS decompression implementations to create a loop in the decompression code. At the time BIND wasn't vulnerable, which doesn't stop client side code being vulnerable, but would have mitigated the problem then. Still we could do with some more details, although I guess enough detail to start checking source code for the dedicated.