
Only hours after the release of the Metasploit DNS exploit (part 1), a second exploit has been posted:
===============/========================================================
Exploit ID: CAU-EX-2008-0003
Release Date: 2008.07.23
Title: bailiwicked_domain.rb
Description: Kaminsky DNS Cache Poisoning Flaw Exploit for Domains
Tested: BIND 9.4.1-9.4.2
Attributes: Remote, Poison, Resolver, Metasploit
Exploit URL: http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
Author/Email: I)ruid
H D Moore
===============/========================================================
Description
===========
This exploit targets a fairly ubiquitous flaw in DNS implementations
which allows the insertion of malicious DNS records into the cache of the
target nameserver. This exploit caches a single malicious nameserver
entry into the target nameserver which replaces the legitimate
nameservers for the target domain. By causing the target nameserver to
query for random hostnames at the target domain, the attacker can spoof
a response to the target server including an answer for the query, an
authority server record, and an additional record for that server,
causing the target nameserver to insert the additional record into the
cache. This insertion completely replaces the original nameserver
records for the target domain.
What's the difference with part 1? The first exploit described itself like this: "This exploit caches a single malicious host entry into the target nameserver." This second exploit has the following entry instead: "This exploit caches a single malicious nameserver entry into the target nameserver which replaces the legitimate nameservers for the target domain."
So instead of hijacking only a single address like www.myaddress.com, the second exploit allows hijacking the whole myaddress.com domain. This is much more serious!!!
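As an added defender-side illustration (not code from the exploit or from this blog): a minimal parser for the reply shape the description above lists, plus the acceptance check a resolver applies to it. It shows that the spoofed reply passes the classic in-bailiwick rule and is accepted the moment the transaction ID (and source port) match, which is why the defence is making those values unpredictable rather than bailiwick checking alone. Names, addresses and the transaction ID are constructed placeholders.

```python
import struct
A, NS = 1, 2                                    # RR type codes used below
def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
def rr(owner, rtype, rdata):                    # wire-format RR, class IN, TTL 3600
    return encode_name(owner) + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata

def read_name(pkt, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    n = pkt[off]
    if n == 0:
        return "", off + 1
    if n & 0xC0 == 0xC0:                        # compression pointer: follow it, end here
        return read_name(pkt, ((n & 0x3F) << 8) | pkt[off + 1])[0], off + 2
    label = pkt[off + 1:off + 1 + n].decode("ascii").lower()
    rest, end = read_name(pkt, off + 1 + n)
    return (label + "." + rest if rest else label), end

def parse_response(pkt):
    """Return (txid, qname, [(section, owner, rtype, rdata), ...]) for a one-question reply."""
    txid, _flags, _qd, an, ns, ar = struct.unpack("!6H", pkt[:12])
    qname, off = read_name(pkt, 12)
    off, rrs = off + 4, []                      # skip qtype/qclass
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            owner, off = read_name(pkt, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
            off += 10
            rdata = (read_name(pkt, off)[0] if rtype == NS else
                     ".".join(map(str, pkt[off:off + 4])) if rtype == A else pkt[off:off + rdlen])
            rrs.append((section, owner, rtype, rdata))
            off += rdlen
    return txid, qname, rrs

def check_response(pkt, expected_txid, expected_qname, zone):
    """Resolver-side check: reply must match the outstanding query; authority/additional RRs must stay in the zone."""
    txid, qname, rrs = parse_response(pkt)
    if txid != expected_txid or qname != expected_qname:
        return "drop: txid/question mismatch"
    for section, owner, _rtype, _rdata in rrs:
        if section != "answer" and not (owner == zone or owner.endswith("." + zone)):
            return f"drop: out-of-bailiwick {section} record for {owner}"
    return "accept"

# Constructed spoofed reply in the shape the exploit description gives (placeholder names and
# RFC 5737 addresses, not from the page): answer for the random host, NS for the zone, glue A.
QNAME, ZONE, TXID = "xk3f9a.example.com", "example.com", 0x1234
SPOOFED = (struct.pack("!6H", TXID, 0x8180, 1, 1, 1, 1) + encode_name(QNAME) + struct.pack("!HH", A, 1)
           + rr(QNAME, A, bytes([192, 0, 2, 10])) + rr(ZONE, NS, encode_name("ns1.example.com"))
           + rr("ns1.example.com", A, bytes([192, 0, 2, 66])))
```

`check_response(SPOOFED, TXID, QNAME, ZONE)` returns `"accept"`: every record is inside example.com, so the only thing the resolver can still reject on is a wrong transaction ID or port.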
For more information and countermeasures, please see Metasploit releases DNS cache poisoning exploit (part 1).
Related posts:
- NOW is the time to patch those unpatched DNS servers. Details have leaked. (updated)
- Dan Kaminsky Blackhat Webcast on the DNS vulnerability on the 24th of July (updated)
- More on the DNS vulnerability
- Warning: details multi vendor DNS cache poisening flaws released (updated)
Security4all Blog