DNS cache poisoning attacks spotted in the wild
Date: 07.25.2008
Threat Type: Malicious Web Site / Malicious Code
This is an update to our previous alert on the DNS cache poisoning attacks.
The previously embargoed details of a critical DNS cache poisoning flaw have been correctly deduced, and are now public. In a webinar held just yesterday, Dan Kaminsky, the security researcher who discovered this flaw, confirmed that the vulnerability has been leaked.
More code to exploit this flaw has surfaced since our previous alert on this topic, and attacks have been spotted in the wild.
Major ISPs, including AT&T, Time Warner, and Bell Canada, have yet to respond to this threat, leaving millions of subscribers at risk. Microsoft has issued a formal security advisory; Apple, whose Mac OS X servers are susceptible, has yet to issue a statement.
Websense® Security Labs™ strongly recommends that customers running their own DNS servers patch immediately. Customers who rely on an upstream DNS provider are urged to contact their provider to confirm that this issue has been addressed properly.
References:
http://www.doxpara.com/?p=1185
http://securitylabs.websense.com/content/Alerts/3139.aspx
http://isc.sans.org/diary.html?storyid=4777
http://www.microsoft.com/technet/security/advisory/956187.mspx
http://db.tidbits.com/article/9706
http://www.theregister.co.uk/2008/07/25/isps_slow_to_patch/
http://permalink.gmane.org/gmane.linux.redhat.fedora.general/306278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447
http://www.kb.cert.org/vuls/id/800113
http://w.on24.com/r.htm?e=114268&s=1&k=638307695FF31ED953EF9EC0DF969C02L
http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
http://milw0rm.com/exploits/6130
http://milw0rm.com/exploits/6123