From ${URL} :

A deficiency in the SRTT (Smoothed Round Trip Time) algorithm in BIND9 was reported that could theoretically allow an attacker to lower the SRTT value that a recursive resolver has associated with an authoritative server. This could allow the attacker to influence the selection of a specific authoritative server from an NS resource record set with multiple values and thus determine which of multiple authoritative servers for a domain will be queried.

ISC has indicated that they intend to address this deficiency by reimplementing the SRTT algorithm in a future maintenance release of BIND9. They also note that "the deficiency in the SRTT algorithm is not considered an exploitable security vulnerability on its own".

External References:
https://kb.isc.org/article/AA-01030/169/Operational-Notification-A-Vulnerability-in-the-SRTT-Algorithm-affects-BIND-9-Authoritative-Server-Selection.html

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
I'll just call this a B4 since it seems to be an information/hijacking attack. Change if desired. Might end up not being a sec bug if it's deemed not CVE-worthy.
Can anyone advise if this is still an issue or this was fixed a long time ago? Also Red Hat has this as wont-fix.
(In reply to Yury German from comment #2)
> Can anyone advise if this is still an issue or this was fixed a long time
> ago?
>
> Also Red Hat has this as wont-fix.

As mentioned by ISC, the implications are minor and it will be fixed by a new implementation of the SRTT algorithm. Additionally, the deficiency is not considered exploitable by itself.