* Posts by Matthew Dempsky

1 publicly visible post • joined 1 Mar 2009

Caching bugs exposed in second biggest DNS server

Matthew Dempsky

Second bug not just a forgery issue

"He would notice that forgery issues to *NOT* qualify for the security bounty. FAIL!"

Right, and for this reason, I don't think DJB will award the $1000 to Kevin Day. However, the bug that I pointed out is an actual exploitable bug in how djbdns builds DNS response packets, which I believe is covered by DJB's security guarantee. You can read my BugTraq posting for more details (linked within the article).