[Pkg-dns-devel] Bug#865678: knot: Improper TSIG validity period check can allow TSIG forgery
Salvatore Bonaccorso
carnil at debian.org
Sat Jul 8 12:33:50 UTC 2017
Control: retitle -1 knot: CVE-2017-11104: Improper TSIG validity period check can allow TSIG forgery
On Fri, Jun 23, 2017 at 07:01:49PM +0200, Salvatore Bonaccorso wrote:
> Source: knot
> Version: 2.4.3-1
> Severity: grave
> Tags: security upstream patch
> Control: found -1 2.5.1-1
>
> Hi
>
> See
> https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html
> and
> http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf
> and filling a bug in BTS to have a reference, afaik there is no CVE
> yet assigned.
>
> [16:19] < KGB-1> Yves-Alexis Perez 52846 /data/CVE/list add temporary entry for knot
> [16:21] < Corsac> ondrej: I guess you know about it?
>
> Please adjust the affected versions in the BTS as needed.
This now was assigned CVE-2017-11104.
Regards,
Salvatore
More information about the pkg-dns-devel
mailing list