Vulnerability Summary: Deficiencies in the DNS protocol and common DNS implementations facilitate a DNS cache poisoning attack that affects BIND, Microsoft Windows DNS services and CISCO IOS. The vulnerability has been assigned the following Common Vulnerability and Exposure number: CVE-2008-1447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 Note: Authorative name servers are not affected. Impact criticality: CCIP assess the impact of this vulnerability to be VERY HIGH. CCIP is unaware of any active exploit code for this vulnerability. Type of fix available: Microsoft has released a patch for this in their latest updates. More information can be found at http://www.microsoft.com/technet/security/bulletin/MS07-062.mspx. CCIP understands that other vendors will be releasing updates shortly. BIND have released a notification which is located at http://www.isc.org/index.pl?/sw/bind/index.php CISCO have also released a notification which can be accessed at http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml
From reading the press on this one, you'd think the sky was falling and Dan Kaminsky was the greatest hero ever for discovering this ... but see RFC 3833 (DNS Threat Analysis), published in 2004, and various prior works that go into the specific problem in more detail. It's not exactly news to those who pay attention to DNS issues.
Of course it's nice that BIND finally has source port randomisation, after pointedly ignoring the issue for quite a while. -- don Jamie Baddeley wrote:
Vulnerability Summary: Deficiencies in the DNS protocol and common DNS implementations facilitate a DNS cache poisoning attack that affects BIND, Microsoft Windows DNS services and CISCO IOS.
participants (2)
-
Don Stokes -
Jamie Baddeley