Alerts


Multiple DNS implementations vulnerable to cache poisoning

Date: 07.23.2008

Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ has been closely following US-CERT Vulnerability #800113: “Multiple DNS implementations vulnerable to cache poisoning”, originally announced on July 8th, 2008. Many of the details regarding the vulnerability are being temporarily withheld by the security researcher who made the discovery, which has caused some confusion about the severity of the vulnerability. Recent investigations by the security community have revealed that there is at least one serious vulnerability in most existing DNS implementations. This vulnerability can lead to DNS cache poisoning, which can allow attackers to redirect traffic to a destination under their control.

For complete protection, customers are advised to ensure their DNS implementations are resilient to this type of attack. Customers who do not implement an internal DNS infrastructure are advised to seek cooperation from their upstream DNS provider, typically their ISP. Contact your DNS vendor to verify that source port randomization is enabled on your DNS servers. In many situations, this may require the application of a patch.
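One way to check source port randomization from your own capture, as an added example that is not part of the original alert or of any vendor tool: it reads tcpdump-style text lines of a resolver's outbound queries and classifies the source ports it used. The sample lines, addresses, function names and thresholds are constructed assumptions.

```python
import re
import statistics

def make_lines(ports):
    # Constructed tcpdump-style lines (not real traffic): a resolver at
    # 192.0.2.10 querying an authoritative server on port 53.
    return [f"12:00:{i:02d}.000000 IP 192.0.2.10.{p} > 198.51.100.53.53: "
            f"{1000 + i}+ A? example.com. (29)" for i, p in enumerate(ports)]

FIXED = make_lines([32768] * 12)
SEQUENTIAL = make_lines(range(1025, 1037))
RANDOMIZED = make_lines([50213, 1893, 33120, 61004, 12877, 45990,
                         7321, 58466, 20155, 39702, 27648, 64311])

# Source "ip.port" followed by a destination whose port is 53.
QUERY = re.compile(r" IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")

def source_ports(lines, resolver_ip):
    """Return, in capture order, the source ports the resolver queried from."""
    ports = []
    for line in lines:
        m = QUERY.search(line)
        if m and m.group(1) == resolver_ip:
            ports.append(int(m.group(2)))
    return ports

def assess(ports, min_samples=10):
    """Classify port behaviour; the thresholds are illustrative assumptions."""
    if len(ports) < min_samples:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "fixed"          # every query leaves from the same port
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if sum(1 <= s <= 16 for s in steps) >= 0.9 * len(steps):
        return "sequential"     # ports climb in small predictable steps
    if len(set(ports)) < len(ports) // 2 or statistics.pstdev(ports) < 1000:
        return "narrow"         # ports vary, but within a small pool
    return "randomized"

if __name__ == "__main__":
    for name, lines in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                        ("randomized", RANDOMIZED)]:
        print(name, "->", assess(source_ports(lines, "192.0.2.10")))
```

Take the capture on the Internet-facing side of any NAT device, since port translation can replace the source ports the resolver chose. A larger sample than the twelve lines used here gives a more reliable verdict.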

At the time of this alert, an exploit targeting this flaw has been added to Metasploit, an open source penetration testing tool that is free and publicly available.

The US-CERT advisory also makes several important “DNS best practices” recommendations. Please reference the advisory for complete details: http://www.kb.cert.org/vuls/id/800113