JP Vossen on 9 Jul 2008 12:02:57 -0700



[PLUG] DNS ... cache poisoning [big deal]


This is a big deal announced yesterday.

http://www.kb.cert.org/vuls/id/800113
Vulnerability Note VU#800113
Multiple DNS implementations vulnerable to cache poisoning

Overview
Deficiencies in the DNS protocol and common DNS implementations 
facilitate DNS cache poisoning attacks.
[...]
--- cut ---

Basically, a well-known security researcher named Dan Kaminsky has 
solved some challenges with regard to exploiting previously acknowledged 
issues with the DNS protocol (not implementations, protocol), with the 
result that large-scale "poisoning" of DNS caches is now feasible.

That's a big deal.

Among other things, it allows for virtually undetectable phishing, spear 
phishing, and malware distribution.  We all know that some funky URL 
that claims to be Paypal isn't.  But if your DNS lies to you and sends 
you someplace else when you manually type in the correct Paypal URL, 
that's something else again.  And that's what this vulnerability allows.

From what I'm reading, this was handled really well by Kaminsky. 
Rather than irresponsible disclosure, he has worked with CERT and many 
others in "the largest synchronized security update in the history of 
the Internet, and [which] is the result of hard work and dedication 
across dozens of organizations." [1]  He will release the details along 
with a tool to help determine upstream vulnerability at a security 
conference on August 6th.

"The good news is that due to the nature of this problem, it is 
extremely difficult to determine the vulnerability merely by analyzing 
the patches; a common technique malicious individuals use to figure out 
security weaknesses." [1]

If you or your company run your own DNS servers, you need to jump on 
this.  If you don't, you'll want to check upstream, especially after the 
testing tool is released.

Windows:
   http://www.kb.cert.org/vuls/id/484649
   > http://www.microsoft.com/technet/security/bulletin/MS07-062.mspx

ISC2 BIND
   http://www.kb.cert.org/vuls/id/252735
   > http://www.isc.org/sw/bind/bind-security.php


Later,
JP

[1] 
http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/
http://securosis.com/publications/DNS-Executive-Overview.pdf
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|        jp{at}jpsdomain{dot}org
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug