Vulnerability Issue in Implementations of the DNS Protocol
UNIRAS (UK Gov CERT)/NISCC: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html [snip] Summary - ------- A vulnerability affecting the Domain Name System (DNS) protocol was identified by Dr. Steve Beaty from the Department of Mathematical and Computer Science of Metropolitan State College of Denver. The Domain Name System (DNS) protocol is an Internet service that translates domain names into Internet Protocol (IP) addresses. Because domain names are alphabetic, they're easier to remember, however the Internet is really based on IP addresses; hence every time a domain name is requested, a DNS service must translate the name into the corresponding IP address. The vulnerability concerns the recursion process used by some DNS implementations to decompress compressed DNS messages. Under certain circumstances, it is possible to cause the DNS server to terminate abnormally. All users of applications that support DNS are recommended to take note of this advisory and carry out any remedial actions suggested by their vendor(s). [snip] - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/
On Tuesday 24 May 2005 2:57 pm, Fergie (Paul Ferguson) wrote:
UNIRAS (UK Gov CERT)/NISCC: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
Seems to be similar to an issue discussed on Bugtraq in 1999 where they looked to exploit the recursive nature of some DNS decompression implementations to create a loop in the decompression code. At the time BIND wasn't vulnerable, which doesn't stop client side code being vulnerable, but would have mitigated the problem then. Still we could do with some more details, although I guess enough detail to start checking source code for the dedicated.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone (a) experienced or noticed issues related to this vulnerability (b) what action(s) have you taken to address this, if any? What do folks at verisign and isc think about this? Any insight will be appreciated. regards, /vicky Fergie (Paul Ferguson) wrote: | | UNIRAS (UK Gov CERT)/NISCC: | http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html | | [snip] | | | Summary | - ------- | A vulnerability affecting the Domain Name System (DNS) | protocol was identified by Dr. Steve Beaty from the | Department of Mathematical and Computer Science of | Metropolitan State College of Denver. | | The Domain Name System (DNS) protocol is an Internet | service that translates domain names into Internet Protocol | (IP) addresses. Because domain names are alphabetic, | they're easier to remember, however the Internet is | really based on IP addresses; hence every time a domain | name is requested, a DNS service must translate the name | into the corresponding IP address. | | The vulnerability concerns the recursion process used by | some DNS implementations to decompress compressed DNS | messages. Under certain circumstances, it is possible to | cause the DNS server to terminate abnormally. | | All users of applications that support DNS are recommended | to take note of this advisory and carry out any remedial actions | suggested by their vendor(s). | | [snip] | | - ferg | | | -- | "Fergie", a.k.a. Paul Ferguson | Engineering Architecture for the Internet | fergdawg@netzero.net or fergdawg@sbcglobal.net | ferg's tech blog: http://fergdawg.blogspot.com/ | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCk2n/pbZvCIJx1bcRAldAAJ9dxlg30J3jMX/W3bwXvdFlwvCj7gCgxQ0/ fGUMug5/x1Wg6wsrZg/n/NE= =9iP/ -----END PGP SIGNATURE-----
participants (3)
-
Fergie (Paul Ferguson)
-
Simon Waters
-
Vicky Rode