
Linux.com

Feature: News

Patches coming today for DNS vulnerability

By Joe Barr on July 08, 2008 (8:05:22 PM)


Whether you're running Linux, Windows, Cisco, Sun, or other DNS servers, you are at risk from a newly discovered vulnerability. So says Dan Kaminsky, head of penetration testing research at IOActive, who accidentally discovered the DNS "design flaw" earlier this year.

You can check whether the DNS servers you use are vulnerable by clicking the Check My DNS button in the upper right corner of Kaminsky's Web site.

Kaminsky says he made the discovery entirely by accident. When he realized the flaw was a fundamental design flaw that is universal in scope, he called for a summit of security researchers to decide on a course of action. That summit took place on the Microsoft campus on March 31, and out of it a multi-vendor patch solution was developed. Microsoft, Sun, Cisco, BIND, and other firms will be releasing patches for the flaw today. Linux distributions are expected to start providing patches today as well. Debian users already can find BIND patch instructions online.

The problem in general terms is described as insufficient randomness. Vendors have tried to deliver the fix in a way that can't be reverse-engineered to reveal the actual flaw. Full details on the flaw will not be revealed for 30 days, in order to allow system administrators time to evaluate and apply patches to their DNS servers. DNS clients are also at risk, but to a much smaller degree, and the focus at present continues to be on DNS servers.

According to Kaminsky, the rule for applying patches for this flaw should be, "If it recurses, patch it."


Comments


Posted by: Anonymous [ip: 58.96.80.19] on July 09, 2008 03:58 PM
Looks like we may have a competitor to the Firefox download record!
