Yesterday, Dan Kaminsky announced that there is a fundamental flaw in the DNS protocol that can allow attackers to spoof domains to any DNS server. Because it is a fundamental flaw in the DNS protocol, many implementations of DNS servers are vulnerable. Yes, that means BIND, Cisco, Microsoft, and many others are vulnerable. Luckily, Dan is on the good side, and didn’t sell the vulnerability. He communicated the issue to the major vendors, and together, they developed a solution to problem.
The CERT advisory can be found on US-CERT, and you can also listen to the press conference at Black Hat. The CVE reference is CVE-20081447. Dan also released an online tool to verify if your DNS server is vulnerable. I believe it checks to see if the source port changes between DNS requests. The major vendors should already have patches for this vulnerability, so please patch away.
Leave A Comment