Today various vendors released  updates to address several DNS implementation flaws. It seems that the implementation issues could allow an attacker to perform DNS Cache poisoning against affected DNS implementations.

The update comes on the back of the Microsoft patch for MS08-037 and an advisory by Cisco and one for the Open Source DNS server BIND, and it is possible that this implementation flaw could affect other DNS server implementations.

The initial problem in both the Cisco and Microsoft DNS server implementations is the insufficient entropy in the selection of UDP source ports and DNS transaction IDs when performing DNS queries. As a result of this lack of randomness the transaction IDs are more predictable than they should be thus allowing an attacker to predict a transaction ID and injecting arbitrary information into a DNS cache.

The issue affects the Microsoft DNS server and Cisco DNS server implementations in IOS and other Cisco software. The issue also affects all versions of BIND. However the Microsoft DNS server doesn't get off easy with the DNS Cache poisoning problem, it seems that MS08-037 fixes another problem that could allow an attacker to poison the DNS cache that is unrelated to the general problem affecting many other vendors.

You can find out more about the Microsoft DNS server issue in MS08-037 here, along with the details for the issue from ISC in BIND here and the details from Cisco here. There is also a CERT advisory for the issue which lists the possible affects for other vendors, it is also listed as CVE-2008-1447.

As usual if you use any affected software get it patched as soon as possible to avoid future problems. It is only rated by Microsoft as 'Important' and we all know that is code for patch it soon, but it will not result it your servers being 'rooted' this week.

Add this page to your favorite Social Bookmarking websites