Issues the date: 2008-07-08
Renewal date: 2008-07-10
Is affected the system:
Cisco IOS 12.4
Cisco IOS 12.3
Cisco IOS 12.2
Cisco IOS 12.1
Cisco IOS 12.0
ISC BIND 9.5.x
ISC BIND 9.4.x
ISC BIND 9.3.x
ISC BIND 9.2.x
ISC BIND 8.x.x
Microsoft Windows XP SP3
Microsoft Windows XP SP2
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows 2000SP4
Sun Solaris 9.0_x86
Sun Solaris 9.0
Sun Solaris 8.0_x86
Sun Solaris 8.0
Sun Solaris 10.0_x86
Sun Solaris 10.0
Cisco Network Registrar 7.0.x
Cisco Network Registrar 6.3.x
Cisco Network Registrar 6.1.x
Cisco Network Registrar
Cisco ACNS 5.5
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 30131
CVE(CAN) ID: CVE-2008-1447
The DNS agreement is a TCP/IP agreement group's part, allows the DNS client side to inquire the DNS database a main engine analysis is the IP address.
Stemming from and processes DNS to inquire the related process time and the band width considered that the majority DNS servers can local save receives from other DNS server to the response, saves these responses the region to be called the buffer. Once will respond saves the buffer, the DNS server may inquire the DNS server (to be called once more before refurbishing local buffer response copy period of time the response which survival time) uses local saves.
What the DNS buffer poison attack refers to was changed DNS in server's DNS buffer some item, in such buffer no longer aimed at the correct position with the main engine related IP address. For example, if www.example.com maps IP address 192.168.0.1, and in the DNS server's buffer has this mapping, then succeeds to this server's DNS buffer poison aggressor may map www.example.com 10.0.0.1. In this case, attempts to visit www.example.com's user on possible and the wrong Web server contact.
The DNS agreement realizes in the standard including a 16 event ID field. If has realized this standard correctly, and through strong random number generator stochastic choice event ID, the aggressor needs the average 32,768 attempts to be able successful forecast this ID. But because the agreement realizes the weakness, uses in confirming DNS response DNS event ID and source port number randomness insufficient, may the forecast easily, this allow the aggressor to found the match expected value DSN to request the forge response, but the DNS server can think that this response is effective, therefore simplified the buffer poison attack.
The success uses this crack possibly to cause the DNS server's user contact wrong network service supplier, the final influence is various, from simple refuses to serve to network fishing and the financial cheating.
<* origin: Dan Kaminsky
Link: http://secunia.com/advisories/31012/
http://secunia.com/advisories/31011/
http://secunia.com/advisories/30980/
http://secunia.com/advisories/30979/
Other pages: : 1 * 2 * 3 * 4 * 5 * 6 * 7 * 8 * 9 * Next>>
|