[Secure-testing-team] Bug#865678: knot: Improper TSIG validity period check can allow TSIG forgery
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 23 17:01:49 UTC 2017
Source: knot
Version: 2.4.3-1
Severity: grave
Tags: security upstream patch
Control: found -1 2.5.1-1
Hi
See
https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html
and
http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf
and filling a bug in BTS to have a reference, afaik there is no CVE
yet assigned.
[16:19] < KGB-1> Yves-Alexis Perez 52846 /data/CVE/list add temporary entry for knot
[16:21] < Corsac> ondrej: I guess you know about it?
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list