Trend Micro: Major DNS Cache-Poisoning Vulnerability, Patch Now
July 2008 by Trend Micro
While this is completely unrelated to any particular malware, a rather disconcerting DNS cache-poisoning vulnerability has surfaced which deserves the attention of any and every organization on the planet that operates its own DNS servers.
Determining whether you are vulnerable, and getting the vulnerability fixed quickly, becomes more important as each day passes. This is due not only to the criticality of the vulnerability, but also to some of the “colorful” background in how some of the details surrounding the vulnerability itself have become available.
First, US-CERT published an advisory on this vulnerability on 8 July 2008, and they have a detailed reference of vendor products which are affected on their advisory page. Please visit their advisory page to determine if your DNS infrastructure is at risk.
As the US-CERT advisory states, the heart of this issue is that DNS caching nameservers can be poisoned by an “…attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver.”
This is a very serious situation, and can possibly lead to widespread and targeted attacks which hijack sensitive information by redirecting legitimate traffic to fraudulent websites, due to incorrect (fraudulent) information being injected into the vulnerable caching nameserver(s).
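As an added illustration (not Trend Micro's, US-CERT's or any DNS vendor's code), the following Python models the acceptance checks a caching resolver applies before it trusts a reply: the transaction ID and destination port must match an outstanding query, the reply must come from the server that was asked, the question section must match, and "additional" records are only cached when they fall inside the bailiwick of the zone being queried. The in-memory query/reply model, the field names and the `zone` parameter are assumptions made for this example; real resolvers parse wire-format packets. The `randomize_ports=False` mode models an unpatched resolver, whose only defence is the 16-bit transaction ID, against the randomized-source-port behaviour the July 2008 vendor patches introduced.

```python
"""Caching-resolver reply validation, modelled in memory (added example; assumptions labelled)."""
from dataclasses import dataclass, field
import secrets


@dataclass
class PendingQuery:
    qname: str
    qtype: str
    txid: int          # 16-bit DNS transaction ID chosen by the resolver
    src_port: int      # UDP source port the query was sent from
    upstream: str      # address of the authoritative server that was asked
    zone: str          # zone that server is authoritative for (its bailiwick); assumed known


@dataclass
class Reply:
    src_ip: str        # source address as seen on the wire (spoofable over UDP)
    dst_port: int      # port the reply arrived on
    txid: int
    qname: str
    qtype: str
    answers: list                               # list of (name, type, value)
    additional: list = field(default_factory=list)


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is at or below zone, e.g. ns1.example.com is inside example.com."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


class CachingResolver:
    def __init__(self, randomize_ports: bool = True):
        self.randomize_ports = randomize_ports
        self.pending = {}   # (txid, src_port) -> PendingQuery
        self.cache = {}     # (name, type) -> value

    def issue(self, qname, qtype, upstream, zone):
        """Send a query (modelled): pick a random TXID and, if patched, a random source port."""
        txid = secrets.randbelow(1 << 16)
        # A fixed port models an unpatched resolver: a forger then only needs to hit the TXID.
        src_port = secrets.randbelow(64512) + 1024 if self.randomize_ports else 53
        q = PendingQuery(qname, qtype, txid, src_port, upstream, zone)
        self.pending[(txid, src_port)] = q
        return q

    def accept(self, reply):
        """Return (accepted, reason); on acceptance, cache answers and in-bailiwick additional data."""
        q = self.pending.get((reply.txid, reply.dst_port))
        if q is None:
            return False, "no outstanding query with this TXID and port"
        if reply.src_ip != q.upstream:
            return False, "reply did not come from the server that was asked"
        if (reply.qname.lower(), reply.qtype) != (q.qname.lower(), q.qtype):
            return False, "question section does not match the query"
        del self.pending[(reply.txid, reply.dst_port)]
        for name, rtype, value in reply.answers:
            self.cache[(name.lower(), rtype)] = value
        dropped = []
        for name, rtype, value in reply.additional:
            # Never let a reply for one zone plant records for an unrelated one.
            if in_bailiwick(name, q.zone):
                self.cache[(name.lower(), rtype)] = value
            else:
                dropped.append(name)
        return True, "cached; dropped out-of-bailiwick additional records: %s" % dropped


if __name__ == "__main__":
    # Constructed sample exchange: legitimate reply carrying one out-of-bailiwick record.
    r = CachingResolver()
    q = r.issue("www.example.com", "A", "192.0.2.1", "example.com")
    legit = Reply("192.0.2.1", q.src_port, q.txid, "www.example.com", "A",
                  [("www.example.com", "A", "192.0.2.10")],
                  [("ns1.example.com", "A", "192.0.2.53"), ("www.example.org", "A", "198.51.100.9")])
    print(r.accept(legit))
    print(sorted(r.cache))
```

The point of the model is which fields a reply must match: with a fixed source port the `(txid, dst_port)` lookup degenerates to a 16-bit TXID check, whereas with randomized ports a reply must match both, and the bailiwick rule keeps a reply for one domain from seeding cache entries for another.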
Secondly, while the details of this vulnerability were originally discovered by Dan Kaminsky, and were originally to be revealed at the upcoming Black Hat conference in Las Vegas next month, some details regarding the vulnerability have been “leaked” to the public, which increases the importance of quickly patching any vulnerability in deployed DNS servers.
There are also some publicly available tools to determine if your DNS servers are affected.
This vulnerability is quite serious, so please - PATCH NOW.