A major vulnerability in DNS (Domain Naming Service) has been discovered. It is within the protocol of DNS itself and therefore affects all vendors of DNS server and DNS client products. Dan Kaminsky discovered the vulnerability and through responsible disclosure has been working behind the scenes to coordinate a multivendor patch release. It is critical that you patch your systems immediately, before the vulnerability is exploited in the wild. Dan will publicly release the details of the vulnerability Aug 6 at BlackHat.
The Microsoft client and server patches can be found within Microsoft Security Bulletin MS08-037 – Vulnerabilities in DNS Could Allow Spoofing. These security updates should be released through Windows Update, but check the KB article number to ensure you are getting the patch. I can confirm XPSP3 picked up the patch via Windows Update.
The US-CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning has more details on the vulnerability and links to all vendor patches and security bulletins.
Dan Kaminsky has also released a DNS checker on his site Doxpara.com to test your DNS system for the vulnerability.
Excerpt from the Securosis Executive Summary:
On July 8th, technology vendors from across the industry will simultaneously release patches for their products to close a major vulnerability in the underpinnings of the Internet. While most home users will be automatically updated, it’s important for all businesses to immediately update their networks. This is the largest synchronized security update in the history of the Internet, and is the result of hard work and dedication across dozens of organizations.
Earlier this year, professional security researcher Dan Kaminsky discovered a major issue in how Internet addresses are managed (Domain Name System, or DNS). This issue was in the design of DNS and not limited to any single product. DNS is used by every computer on the Internet to know where to find other computers. Using this issue, an attacker could easily take over portions of the Internet and redirect users to arbitrary, and malicious, locations. For example, an attacker could target an Internet Service Provider (ISP), replacing the entire web — all search engines, social networks, banks, and other sites — with their own malicious content. Against corporate environments, an attacker could disrupt or monitor operations by rerouting network traffic, capturing emails and other sensitive business data.
Dan, thank you for your research and your responsible disclosure. I’m glad they listened to you.