logo
Published on FierceCIO (http://www.fiercecio.com)

Exploit code for DNS flaw released

By paulmah
Created Jul 25 2008 - 6:23am

Exploit code [1] for a much touted flaw in the Domain Name System (DNS) has been released. This comes just days after details that the serious vulnerability was inadvertently disclosed [2] by a reverse engineering specialist who independently worked out the weakness. A hacker could leverage upon this vulnerability to poison a DNS's cache and redirect a user's traffic without their knowledge.

Dan Kaminsky, the researcher who originally found the flaw, had known about the vulnerability for months. However, Kaminsky planned to publicly release further details only at the upcoming Black Hat conference in next month. This was to allow both hardware and software vendors to rectify the problem. Amidst reports of major ISP yet to apply this critical DNS patch [3], Kaminsky summed it up in a few words. "Patch. Today. Now. Yes, stay late."

For more on this serious DNS vulnerability:
- check out this vnunet.com article [4]

Source URL:
http://www.fiercecio.com/story/exploit-code-dns-flaw-released/2008-07-25

Links:
[1] http://caughq.wordpress.com/2008/07/23/exploits-for-kaminskys-dns-cache-poisoning-flaw/
[2] http://www.vnunet.com/vnunet/news/2222506/exploit-emerges-dns-flaw
[3] http://www.theregister.co.uk/2008/07/25/isps_slow_to_patch/
[4] http://www.vnunet.com/vnunet/news/2222249/dns-flaw-revealed