Date: 22 July 2008
References: AL-2008.0080
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
A U S C E R T A L E R T
AL-2008.0082 -- AUSCERT ALERT
[Win][UNIX/Linux][Juniper][Cisco]
DNS cache poisoning vulnerability information allegedly
leaked to the public
22 July 2008
===========================================================================
AusCERT Alert Summary
---------------------
Product: DNS
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Juniper
Cisco
Impact: Provide Misleading Information
Access: Remote/Unauthenticated
CVE Names: CVE-2008-1447
Ref: AL-2008.0080
Revision History: July 22 2008: Public release
July 22 2008: Initial Release
OVERVIEW
Technical information regarding the recent DNS cache poisoning
vulnerability may have been leaked to the general public [1][2].
This increases the likelihood of exploit code being made available.
IMPACT
Vulnerable DNS software may be tricked into supplying incorrect IP
addresses for requested hostnames, thus allowing an attacker to
redirect internet traffic to another, possibly malicious, site.
MITIGATION
DNS client and server software should be upgraded to a non-vulnerable
version as soon as possible. Information on affected software can be
found in AusCERT Alert AL-2008.0080 [3].
REFERENCES
[1] Invisible Denizen Blog
http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html
[2] Matasano Security Confirmation
http://www.matasano.com/log/1105/regarding-the-post-on-chargen-earlier-today/
[3] AL-2008.0080 - Multiple DNS implementations vulnerable to
cache poisoning
http://www.auscert.org.au/9546
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBSIV1NSh9+71yA2DNAQKQSAP8CUdaB1BOtZCsN8+YEMw9Y71OK9uWZghV
y7FSrrVfbL7UuPfchyR0nPHUYZlNKZY5yAHFog9wgC56JkSlXOMCor8EJfJZUZvg
98vD6Vg1T47cPLw3l9abjIxtR3+RG8uJMA260hO061yFzy+97ngUiE9iMfgMX3A8
8Pi7qwrnfrM=
=FMHq
-----END PGP SIGNATURE-----
|