Educause Security Discussion mailing list archives
CVE-2008-1447 (CRITICAL DNS vuln) - have you patched for this security issue?
From: Doug Pearson <dodpears () INDIANA EDU>
Date: Wed, 23 Jul 2008 11:36:28 -0400
If you patched or otherwise mitigated for CVE-2008-1447[1], aka the Kaminsky DNS finding, and have considered that even a patched DNS infrastructure behind a force-to-single-port NAT may still be vulnerable[2], and have evaluated ALL DNS infrastructure at your institution (don't forget any scattered departmental servers!), then you can probably ignore this note - have a good day!

If you're not in that set of folks, then you need to patch and mitigate as soon as possible. Unpatched/unmitigated organizations will place their business and users at great risk. As disclosed by folks in the know, exploitation will be trivial.

It's expected that security researcher Dan Kaminsky will publish vulnerability details at the Black Hat Convention on August 6th. By that time, it's also expected that the details will be independently discovered. In fact, a recent post to the Matasano blog, and subsequently removed[3], may have publicly disclosed technical underpinnings of the vulnerability.

ISC published a document[4] describing a mitigation technique using DNS forwarding. The mitigation works for unpatched infrastructure and for the NAT derandomization issue.

A couple of tools[5] have been made available to help system administrators quickly analyze the status of their DNS servers.

Regards,

Doug Pearson
Technical Director, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630

[1] Vulnerability references
http://www.kb.cert.org/vuls/id/800113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://www.us-cert.gov/cas/techalerts/TA08-190B.html

[2] NAT issue
http://blogs.iss.net/archive/dnsnat.html

[3] Matasano blog posting
http://isc.sans.org/diary.html?storyid=4765

[4] Mitigation based on DNS forwarding
http://www.isc.org/sw/bind/docs/forwarding.php

[5] Tools to check your infrastructure
http://www.provos.org/index.php?/archives/42-DNS-and-Randomness.html
https://www.dns-oarc.net/oarc/services/porttest

-o0o-
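The patches for CVE-2008-1447 randomize the resolver's UDP source port, which is why a NAT that rewrites ports can undo the fix. The following check is an added example, not part of the original post and not the code of the tools listed in [5]: it classifies the source ports seen for one resolver's queries and compares what is seen on the resolver host with what is seen past the NAT. The thresholds, function names and sample ports are assumptions made for illustration.

```python
import statistics

SMALL_STEP = 16      # assumed: largest increment still counted as "sequential"
MIN_STDEV = 10000.0  # assumed cutoff; uniform ports over 1024-65535 give ~18600
MIN_SAMPLES = 10     # assumed minimum number of queries for a verdict
WEAK = {"fixed-port", "sequential", "narrow-range"}

def classify_ports(ports):
    """Classify UDP source ports of one resolver's queries, in arrival order."""
    if len(ports) < MIN_SAMPLES:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "fixed-port"
    # Step between consecutive queries, allowing for wrap-around at 65535.
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small = sum(1 for s in steps if 1 <= s <= SMALL_STEP)
    if small >= 0.9 * len(steps):
        return "sequential"
    if statistics.pstdev(ports) < MIN_STDEV:
        return "narrow-range"
    return "randomized"

def nat_derandomized(at_resolver, at_authority):
    """True when ports are random on the resolver host but weak past the NAT."""
    return (classify_ports(at_resolver) == "randomized"
            and classify_ports(at_authority) in WEAK)

# Constructed sample data (not captured traffic).
PATCHED_AT_RESOLVER = [51234, 10877, 33412, 60211, 2049, 45990,
                       27653, 18402, 63001, 39120, 7311, 55678]
SAME_QUERIES_PAST_NAT = list(range(40000, 40012))  # NAT hands out ports in order
UNPATCHED = [53] * 12                              # every query from one port
SMALL_POOL = [32768, 32771, 32769, 32775, 32770, 32768,
              32773, 32772, 32769, 32774, 32771, 32770]

if __name__ == "__main__":
    samples = {"patched, on host": PATCHED_AT_RESOLVER,
               "patched, past NAT": SAME_QUERIES_PAST_NAT,
               "unpatched": UNPATCHED,
               "small port pool": SMALL_POOL}
    for name, ports in samples.items():
        print(f"{name}: {classify_ports(ports)}")
    print("NAT derandomized:",
          nat_derandomized(PATCHED_AT_RESOLVER, SAME_QUERIES_PAST_NAT))
```

The ports have to be recorded at a point outside the NAT, such as an authoritative server you control, because a capture on the resolver host alone cannot show what the NAT did to them.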