Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - BIND: bypassing SRTT

August 2013 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use a weakness of the SRTT algorithm, in order to
force a BIND recursive server to prefer an authoritative server
amongst several ones.

Impacted products: BIND

Severity: 1/4

Creation date: 14/08/2013

DESCRIPTION OF THE VULNERABILITY

A DNS zone can be served by several authoritative servers.

The SRTT (Smoothed Round Trip Time) algorithm associates a weight
to each authoritative server, in order to choose the fastest (the
one with the lower weight). A decay operation progressively lowers
the weight of other servers, so they can also be queried.

An attacker can query a recursive DNS server, for a domain for
which he owns an authoritative server which delegates the reply to
a group of DNS servers. However, if the first ones do not reply,
then the last DNS server obtains a low weight. There are two
attack variants, detailed in the paper. The attacker thus promote
the last DNS server in the recursive server.

An attacker can therefore use a weakness of the SRTT algorithm, in
order to force a BIND recursive server to prefer an authoritative
server amongst several ones. This weakness can be used to
facilitate an attack using spoofed DNS records, located in the DNS
server with the low weight.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/BIND-bypassing-SRTT-13281


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts