Today, CERT is issuing an advisory for a massive multivendor patch to resolve a major issue in DNS that could allow attackers to easily compromise any name server (it also affects clients). Dan Kaminsky discovered the flaw early this year and has been working with a large group of vendors on a coordinated patch.

The issue is extremely serious, and all name servers should be patched as soon as possible. Updates are also being released for a variety of other platforms, since this is a problem with the DNS protocol itself, not a specific implementation. The good news is that this is a really strange situation where the fix does not immediately reveal the vulnerability and reverse engineering isn’t directly possible.

Dan asked for some assistance in getting the word out and was kind enough to sit down with me for an interview. We discuss the importance of DNS, why this issue is such a problem, how he discovered it, and how such a large group of vendors was able to come together, decide on a fix, keep it secret, and all release it on the same day.

Dan, and the vendors, did an amazing job with this one. We’ve also attached the official CERT release and an Executive Overview document discussing the issue.

Executive Overview (pdf)

CERT Advisory (doc)

Update: Dan just released a “DNS Checker” on his site to see if you are vulnerable to the issue.

Network Security Podcast, Episode 111, July 8, 2008

Posted by rmogull, filed under Podcast. Date: July 8, 2008, 10:56 am

5 Responses

  1. Network Security Blog » Network Security Podcast, Episode 111: Massive DNS multivendor patch Says:

    [...] the show notes for the CERT advisory and additional [...]

  2. Dan Kaminsky has posted a DNS checker on his website. | Says:

    [...] you are not aware of this problem the folks over at Network Security Podcast have a great post, links to all the information and a podcast interview with Dan about his [...]

  3. Network Security Blog » This is not the vulnerability you’re looking for Says:

    [...] in Windows XP DNS resolver found 3 years ago is the same vulnerability Dan Kaminsky found and multiple companies patched yesterday. While it might be related, it’s not the same thing. First of all, Dan’s [...]

  4. Test for Multivendor DNS Flaw « the back room tech Says:

    [...] details, see the CERT vulnerability notes for VU#800113.  Dan was also interviewed by Rich at the Network Security Podcast, where he goes into more detail on the [...]

  5. Security Justice » Blog Archive » Security Justice - Episode 3 Says:

    [...] Massive DNS vulnerability [...]
