DNS Security Flaw Secretly Patched by Multiple Vendors
Date : 10 Jul 2008 Category : Technology
The flaw was found at the heart of the Domain Name System -- the Internet "phone book" for translating Web URLs into the numerical IP addresses that networking computers use to deliver information. According to CERT, hackers could use a technique called DNS cache poisoning to place forged DNS data into the cache of a name server at any Internet domain.
"An attacker with the ability to conduct a successful cache-poisoning attack can cause a name server's clients to contact the incorrect, and possibly malicious, hosts for particular services," CERT said. "Consequently, web traffic, e-mail and other important network data can be redirected to systems under the attacker's control."
A Flaw in the Core
The underlying DNS defects were brought to CERT's attention by Internet security expert Dan Kaminsky, the director of penetration testing at IOActive.
"There's a bug in DNS, the name-to-address mapping system at the core of most Internet services," Kaminsky said. If "DNS goes bad, every Web site goes bad, and every e-mail goes somewhere," but "not where it was supposed to," he added.
Software companies across the industry have been quietly collaborating to simultaneously release patches for virtually all the affected name servers, Kaminsky said. "We got everyone into a room and hammered out a plan," he recalled in a blog. "After an enormous and secret effort, we've got fixes for all major platforms, all out on the same day."
However, the specific nature of the vulnerability is still being kept under wraps to prevent hackers from knowing precisely where to look.
"This is actually a flaw in the core of DNS itself," Kaminsky said in a recent network security podcast. "What this means is that it isn't something...