On its face this looks like a benign flaw, but combined with a Kaminsky-style attack it gives even an unsophisticated attacker a very long window in which to spoof domains hosted on vulnerable servers: a server that stays silent on a malformed query leaves the querying resolver waiting for an answer that never comes, so the attacker is no longer racing the legitimate reply. Note that at first I made the incorrect assumption that this particular flaw affected multiple DNS solutions, but after further investigation it turned out to be in one particular implementation, namely PowerDNS. While PowerDNS is the only server I am aware of with this flaw, I would be concerned about other malformed queries affecting other DNS implementations in similar ways. Feel free to let me know if you become aware of any other DNS servers with similar issues; I would be curious to know.
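To make the behaviour concrete, here is an added example (my own illustration, not code from this post or from PowerDNS) contrasting an authoritative responder that silently drops a query it cannot parse with one that answers it with FORMERR. The exact malformation covered by the PowerDNS advisory is not given on this page, so the example uses a generically truncated question section as a stand-in; the zone contents, the transaction ID and the 192.0.2.1 address are constructed for the demonstration.

```python
import struct

FLAG_QR = 0x8000      # response bit
FLAG_AA = 0x0400      # authoritative answer
RCODE_NOERROR = 0
RCODE_FORMERR = 1

# Constructed zone data for the demonstration (not a real deployment).
ZONE = {"example.com.": (192, 0, 2, 1)}


def encode_name(name):
    """Encode a dotted name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, qname, qtype=1, qclass=1):
    """Build a standard recursion-desired query with one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, qclass)


def parse_query(data):
    """Parse header and question; raise ValueError for anything malformed."""
    if len(data) < 12:
        raise ValueError("short header")
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", data[:12])
    if flags & FLAG_QR:
        raise ValueError("QR bit set on a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        if pos >= len(data):
            raise ValueError("truncated name")
        ln = data[pos]
        pos += 1
        if ln == 0:
            break
        if ln & 0xC0:
            raise ValueError("compression pointer in question name")
        if ln > 63 or pos + ln > len(data):
            raise ValueError("bad label length")
        labels.append(data[pos:pos + ln].decode("ascii"))  # UnicodeDecodeError is a ValueError
        pos += ln
    if pos + 4 > len(data):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", data[pos:pos + 4])
    return {"id": txid, "qname": ".".join(labels) + ".", "qtype": qtype, "qclass": qclass}


def answer(q):
    """Authoritative reply: one A record for names in ZONE, empty NOERROR otherwise."""
    have = q["qtype"] == 1 and q["qclass"] == 1 and q["qname"] in ZONE
    hdr = struct.pack("!HHHHHH", q["id"], FLAG_QR | FLAG_AA | RCODE_NOERROR,
                      1, 1 if have else 0, 0, 0)
    question = encode_name(q["qname"]) + struct.pack("!HH", q["qtype"], q["qclass"])
    rr = b""
    if have:
        rr = encode_name(q["qname"]) + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(ZONE[q["qname"]])
    return hdr + question + rr


def formerr_response(data):
    """Minimal FORMERR reply that echoes the client's transaction ID when present."""
    txid = struct.unpack("!H", data[:2])[0] if len(data) >= 2 else 0
    return struct.pack("!HHHHHH", txid, FLAG_QR | RCODE_FORMERR, 0, 0, 0, 0)


def dropping_server(data):
    """Pre-fix behaviour: unparsable input gets no reply, so the resolver waits out its timeout."""
    try:
        return answer(parse_query(data))
    except ValueError:
        return None


def answering_server(data):
    """Fixed behaviour: unparsable input gets an immediate FORMERR, closing the window."""
    try:
        return answer(parse_query(data))
    except ValueError:
        return formerr_response(data)


if __name__ == "__main__":
    good = build_query(0x1234, "example.com.")
    bad = good[:-3]                       # question section cut short
    print("drop server on bad query :", dropping_server(bad))
    print("fixed server on bad query:", answering_server(bad).hex())
```

The resolver-side consequence is the difference between the two `None` and FORMERR outcomes: a silent drop keeps the resolver's outstanding query (and its transaction ID and source port) alive until the timeout and any retries expire, while the FORMERR closes it at once.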
If you are running PowerDNS, the flaw I discovered has just recently been patched (CVE-2008-3337, fixed in PowerDNS Authoritative Server 2.9.21.1), so please deploy this patch to remove the extended time window advantage from attackers.
Thanks to Bert Hubert of PowerDNS for responding quickly to my notification, immediately seeing the importance, and turning this patch around in such a short time frame given the heightened climate of attention on DNS.