Conversation

Notices

1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Thursday, 19-Aug-2021 12:14:13 EDT GeniusMusing
   CVE-2021-25218: A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use Security Advisories
   https://kb.isc.org/v1/docs/cve-2021-25218
   
   >CVE: CVE-2021-25218
   >Document version: 2.0
   >Posting date: 18 August 2021
   >Program impacted: BIND
   >Versions affected: BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition
   >Severity: High
   >Exploitable: Remotely
   >Description:
   >If named attempts to respond over UDP with a response that is larger than the current effective interface maximum transmission unit (MTU), and if response-rate limiting (RRL) is active, an assertion failure is triggered (resulting in termination of the named server process).
   >...
   1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Thursday, 19-Aug-2021 13:30:37 EDT lnxw48a1

      in reply to
      BIND has had a number of high profile security holes. I sometimes wonder what was so bad about djbdns that people willingly dealth with BIND / named.
      1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Thursday, 19-Aug-2021 13:49:56 EDT GeniusMusing

         in reply to
         I'm quite sure that at some point it will be recommended that blockchain should be used...
         
         for "security"...
         
         :P
         
         Too late, they already have...
         
         DNS seeds Blockchain Developer's Guide Book
         https://nu.federati.net/url/282509