Date: 01 April 2008
References: ESB-2008.0368 ESB-2008.0821
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AA-2008.0075 AUSCERT Advisory
[Win][UNIX/Linux]
PowerDNS Cache Poisoning Vulnerability
1 April 2008
- ---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product: PowerDNS Recursor 3.1.4 and earlier
Publisher: PowerDNS
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact: Provide Misleading Information
Access: Remote/Unauthenticated
Member content until: Tuesday, April 29 2008
OVERVIEW
PowerDNS Recursor version 3.1.4 and earlier uses random number
generation routines that are easily predictable[1][2] which may
allow remote users to poison the DNS cache.
IMPACT
Successful exploitation of this vulnerability could allow a
remote attacker to redefine the IP address mappings for domain
names, causing a denial of service or allowing more effective
phishing attempts.
MITIGATION
Users of PowerDNS Recursor should upgrade to version 3.1.5,
which is not vulnerable to this issue.
Very busy DNS servers may be less susceptible to attack,
however they are still vulnerable.
REFERENCES
[1] PowerDNS Security Advisory 2008-01
http://doc.powerdns.com/powerdns-advisory-2008-01.html
[2] PowerDNS Recursor DNS Cache Poisoning
http://www.trusteer.com/docs/powerdnsrecursor.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBR/HR3ih9+71yA2DNAQImBwP9EwCLgD+Ulbc18iy+48HTzx5mVH0mvhMY
B4jPZaam3gpUyTP6RJH6NWcp/aF8sFIeHToW8EOWH800QKKc0FMa7RnR1vj3zlED
N0xujcaRaO8SQ6QGg0JZz8irqLztbpe7oAGF3s8CVirKsl/n0QMQy/lztLKOuofb
SrMA58a4f2E=
=FO6u
-----END PGP SIGNATURE-----
|