BIND Domain Name Software Allows Remote Users to Spoof the DNS
Category: Vulnerability | Posted: 2002-11-27 by ReCall
Description: A DNS spoofing vulnerability was reported in the Internet Software Consortium's (ISC) Berkeley Internet Name Domain (BIND) name server software. A remote user may be able to spoof DNS entries in certain cases.
It is reported that BIND versions 4 and 8 do not prevent the transmission of two or more resolution requests for the same domain name, allowing remote users to spoof the DNS system.
A remote user can send specially crafted DNS packets to a target DNS server to inject false domain name information into a DNS cache. The remote user may map a host name to an arbitrary IP address.
According to the report, when the software receives multiple requests for the same resource record (RR), it generates multiple outstanding queries for that RR. A remote user can rapidly send multiple queries for a particular RR to a target DNS server, causing the target server to open multiple queries with other DNS servers to resolve the name.
Then, the remote user can send spoofed responses to the target server. The report indicates that the remote user (the attacker) can achieve a high probability of success.
Caching DNS servers that provide recursive services are reported to be readily vulnerable.
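Why sharing one outstanding query among duplicate requests matters to a resolver operator, as an added example that is not part of the original advisory and is not BIND code. It assumes uniformly random 16-bit query IDs with every other reply field predictable; PendingTable and the function names are hypothetical, and the request burst is constructed.

```python
from collections import defaultdict

ID_SPACE = 2 ** 16  # the DNS header ID field is 16 bits (RFC 1035)

def match_probability(outstanding, forged, id_space=ID_SPACE):
    """P(at least one forged reply carries the ID of an outstanding query).

    Assumptions: query IDs are independent and uniform, forged replies use
    distinct IDs, and every other field checked on a reply is predictable.
    """
    forged = min(forged, id_space)
    return 1.0 - (1.0 - forged / id_space) ** outstanding

def replies_needed(target_p, coalesced, id_space=ID_SPACE):
    """Smallest n where n duplicate requests plus n forged replies reach target_p.

    coalesced=False: each duplicate request opens its own outstanding query.
    coalesced=True: duplicates share a single outstanding query.
    """
    for n in range(1, id_space + 1):
        if match_probability(1 if coalesced else n, n, id_space) >= target_p:
            return n
    return id_space

class PendingTable:
    """Hypothetical resolver bookkeeping keyed by (name, record type)."""

    def __init__(self, coalesce):
        self.coalesce = coalesce
        self.waiters = defaultdict(list)
        self.upstream_queries = 0

    def on_client_request(self, client, name, rrtype):
        key = (name.lower().rstrip("."), rrtype)
        if not self.coalesce or key not in self.waiters:
            self.upstream_queries += 1  # a new query ID is now exposed
        self.waiters[key].append(client)
        return self.upstream_queries

if __name__ == "__main__":
    for mode in (False, True):
        table = PendingTable(coalesce=mode)
        for i in range(200):  # constructed burst of identical requests
            table.on_client_request(f"client-{i}", "www.example.test", "A")
        k = table.upstream_queries
        print(f"coalesce={mode}: {k} outstanding, "
              f"P(match with 200 forged replies)={match_probability(k, 200):.4f}, "
              f"replies for 50%={replies_needed(0.5, mode)}")
```

With one shared outstanding query the match probability grows linearly with the number of forged replies; with one query per duplicate request it grows roughly with the square, which is the behaviour the report describes.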
CAIS/RNP (the Brazilian Research Network CSIRT) and Vagner Sacramento from DIMAp/UFRN (Department of Computer Science and Applied Mathematics/Federal University of Rio Grande do Norte) reported these vulnerabilities.
For more information on the vulnerability, including some information on how many spoofed packets may be required, see the original advisory at:
http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html
Impact: A remote user may be able to inject false information into the DNS system.
Solution: Users can upgrade to BIND 9.2.1, available at:
http://www.isc.org/products/BIND/bind9.html