
Widescale DNS flaw discovered

A pretty nasty DNS vulnerability has been discovered in 81 products by Dan Kaminsky. The vulnerability type appears to be the same one described by Amit Klein, and involves abusing the PRNG that generates the transaction IDs used in DNS queries. Long story short: if you run a vulnerable caching DNS server, you can have your cache poisoned. From CERT:

"The DNS protocol specification includes a transaction ID field of 16 bits. If the specification is correctly implemented and the transaction ID is randomly selected with a strong random number generator, an attacker will require, on average, 32,768 attempts to successfully predict the ID. Some flawed implementations may use a smaller number of bits for this transaction ID, meaning that fewer attempts will be needed. Furthermore, there are known errors with the randomness of transaction IDs that are generated by a number of implementations. Amit Klein researched several affected implementations in 2007."
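The CERT arithmetic above turns directly into a check a defender can run against their own resolver. The following is an added example, not code from the original post or from CERT: it takes transaction IDs observed on a resolver's outgoing queries (the three sample generators are constructed stand-ins for IDs pulled from a packet capture) and reports whether they look like a counter, like a generator that fills only some of the 16 bits, or like a properly random source, together with the average number of blind guesses each case leaves an attacker.

```python
import math
import random
from collections import Counter

TXID_BITS = 16  # width of the DNS header ID field


def expected_guesses(effective_bits: int) -> int:
    """Average blind guesses to hit an ID with this many random bits: 16 gives
    2**15 = 32768 (the CERT figure); every lost bit halves the attacker's work."""
    return 2 ** (effective_bits - 1) if effective_bits > 0 else 1


def assess_txids(txids: list[int]) -> dict:
    """Summarise transaction IDs observed on a resolver's outgoing queries."""
    n = len(txids)
    if n < 2:
        raise ValueError("need at least two observed IDs")
    # Consecutive IDs rising by exactly one mark a counter: one observed
    # query reveals the next ID outright.
    steps = [(b - a) % (1 << TXID_BITS) for a, b in zip(txids, txids[1:])]
    sequential = sum(s == 1 for s in steps) / len(steps)
    # Shannon entropy of the sample; n uniform draws can show at most
    # log2(n) bits, so compare against that cap rather than against 16.
    counts = Counter(txids)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    cap = min(math.log2(n), TXID_BITS)
    # Widest ID seen: a generator that fills only the low 8 bits never emits
    # an ID above 255 (CERT's "smaller number of bits" case).
    width = max(txids).bit_length()
    effective_bits = 0 if sequential > 0.5 else width  # an upper bound
    weak = sequential > 0.5 or width < TXID_BITS or entropy < cap - 1.0
    return {
        "sequential_fraction": round(sequential, 3),
        "effective_bits": effective_bits,
        "expected_guesses": expected_guesses(effective_bits),
        "verdict": "weak" if weak else "ok",
    }


def sample_ids(kind: str, n: int = 1000, seed: int = 1) -> list[int]:
    """Constructed samples standing in for IDs read from a packet capture."""
    rng = random.Random(seed)  # seeded stand-in; a real resolver needs a CSPRNG
    if kind == "counter":  # sequential IDs: one observation predicts the next
        return [(1000 + i) % (1 << TXID_BITS) for i in range(n)]
    if kind == "narrow":  # only the low 8 of the 16 bits ever vary
        return [rng.randrange(256) for _ in range(n)]
    return [rng.randrange(1 << TXID_BITS) for _ in range(n)]  # full 16 bits
```

Running `assess_txids(sample_ids(kind))` for the three kinds gives a "weak" verdict with 1 expected guess for the counter, "weak" with at most 128 for the narrow generator, and "ok" with 32768 for the full 16-bit source.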

DShield has a great explanation.

Article Link: http://isc.dshield.org/diary.html?storyid=4687
CERT Advisory with list of affected vendors: http://www.kb.cert.org/vuls/id/800113

