Old stuff
I am interested in seeing if there is anything REALLY new from a number of the following:
Schuba, C., "Addressing Weaknesses in the Domain Name System Protocol", Master's thesis, Purdue University Department of Computer Sciences, August 1993.
Bellovin, Steven M. (1995) "Using the Domain Name System for System Break-ins" pp.199-208 in Proceedings of the 5th USENIX UNIX Security Symposium, Salt Lake City, Utah. Berkeley, CA: USENIX Association.
Bellovin, Steven M. (1989). “Security Problems in the TCP/IP Protocol Suite,” Computer Communications Review, 19(2):32-48.
R. T. Morris. A Weakness in the 4.2BSD UNIX TCP/IP Software. Computing Science Technical Report No. 117, AT&T Bell Laboratories, Murray Hill, New Jersey, February 1985
In particular, Schuba's work in the early 90's seems to address all the aspects mentioned in the July CERT release.
In the links above nothing is listed as these where articles on the paper. I did some tests in 2000 based on Schuba's paper and a couple newer cache poision attacks. As there were many servers taht where vulnerable to root level compromises nothing came of the cache poisioning.
I ran a test earlier in the year where I again tested versioning and found over 16% of the tested systems where so old as to be vulnerable to remote compromise. I see this as a far worse situation even if most of these are on the proverbial outskirts.