Executive Summary

This paper describes the DNS vulnerability tracked as CVE-2008-1447, more commonly known as the DNS spoofing or DNS cache poisoning attack. The vulnerability was discovered by Dan Kaminsky and allows an attacker to attack recursive name servers, that is, the name servers that receive requests from clients and pass them on to an actual authoritative name server. The attack combines a previously known method, in which the attacker poisons the recursive server's cache, with pointing the recursive server at a fake authoritative server so that the poisoning succeeds. This paper describes the vulnerability in detail, then covers the exploitation scenario in which the actual attack is demonstrated. It then discusses mitigating factors, meaning steps a user can take to reduce the threat or its impact, and finally remediation for the vulnerability.

Technical Description

Exploitation Description

This vulnerability affects the DNS protocol itself and is not specific to any particular implementation. The DNS protocol uses a Query ID field to match incoming responses to previously sent queries. This Query ID is only 16 bits long, which is what makes it an easy target for this attack. The vulnerability allows name server responses to be spoofed in a way that infects the cache, so that it no longer points to the original authoritative server but to a server of the attacker's choosing. A successful attack means that the attacker has spoofed DNS responses, poisoned the cache, and pointed it to an entirely new domain, so that users coming to the original server are redirected to the attacker's server of choice.
For instance, an attacker could hijack www.google.com and point it to a server riddled with malware and viruses, or, acting more subtly, capture users' usernames, passwords and financial details, depending on the website hijacked. Moreover, the attacker could grab all mail, intercept chat traffic, combine this with other attacks to make matters worse, and do anything else he or she wants, provided that domain name resolution is needed.

Attack Vector

As mentioned previously, the attacker looks for recursive servers, that is, name servers that accept requests from a client and pass them on to an authoritative name server. The attack discloses a novel method of poisoning the cache of the
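The Exploitation Description above rests on one mechanism: a recursive resolver accepts a response only if it matches a query it currently has outstanding, and the 16-bit Query ID is the main thing the match is based on. The following Python example, added here and not part of the paper, builds a constructed DNS query and response with the standard library, implements the matching check a resolver performs (QR bit, Query ID, question name and type, and the address and port the response arrived on), and reports how many bits of unpredictability a forged response must overcome with and without source-port randomization. All names, addresses and ports are constructed sample values; the message builder covers only a single A record, enough to exercise the check.

```python
import math
import struct

# Constructed example: a minimal DNS message builder and the response-matching
# check a recursive resolver applies before accepting an answer into its cache.


def encode_name(name):
    """Encode "www.example.com." as DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data, offset):
    """Decode an uncompressed label sequence; returns (name, next_offset)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset


def build_query(txid, qname, qtype=1):
    # Flags 0x0100: QR=0 (query), RD=1. One question, no other sections.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(txid, qname, rdata, qtype=1, ttl=300):
    # Flags 0x8180: QR=1 (response), RD=1, RA=1. Echo the question, add one A record.
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    address = bytes(int(octet) for octet in rdata.split("."))
    answer = encode_name(qname) + struct.pack("!HHIH", qtype, 1, ttl, len(address)) + address
    return header + question + answer


def parse_header_and_question(msg):
    """Return the fields a resolver compares against its pending query."""
    txid, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    qname, offset = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
    return {"txid": txid, "qr": bool(flags & 0x8000),
            "qname": qname, "qtype": qtype, "qclass": qclass}


def response_matches(pending, response, src_addr, dst_port):
    """pending describes the outstanding query: txid, qname, qtype, the server it
    was sent to, and the resolver's own source port (dport of the response).
    A response that fails any one of these checks must be discarded."""
    r = parse_header_and_question(response)
    return (
        r["qr"]
        and r["txid"] == pending["txid"]
        and r["qname"].lower() == pending["qname"].lower()
        and r["qtype"] == pending["qtype"]
        and src_addr == pending["server"]
        and dst_port == pending["sport"]
    )


def guess_space_bits(txid_bits=16, port_randomized=False, usable_ports=64512):
    """Bits a forger must guess per outstanding query. 64512 is the assumed
    number of usable ephemeral ports (1024-65535) when ports are randomized."""
    bits = txid_bits
    if port_randomized:
        bits += math.log2(usable_ports)
    return bits


if __name__ == "__main__":
    pending = {"txid": 0x1234, "qname": "www.example.com.", "qtype": 1,
               "server": "192.0.2.53", "sport": 40123}   # constructed values
    genuine = build_response(0x1234, "www.example.com.", "192.0.2.10")
    wrong_id = build_response(0x1235, "www.example.com.", "192.0.2.10")
    print("genuine accepted:", response_matches(pending, genuine, "192.0.2.53", 40123))
    print("wrong txid accepted:", response_matches(pending, wrong_id, "192.0.2.53", 40123))
    print("wrong port accepted:", response_matches(pending, genuine, "192.0.2.53", 53))
    print("bits to guess, fixed port: %.1f" % guess_space_bits())
    print("bits to guess, random port: %.1f" % guess_space_bits(port_randomized=True))
```

The point of `guess_space_bits` is the one the paper makes: with a fixed source port the Query ID is the only secret, and 16 bits is small enough to be brute-forced within the window before the real answer arrives. Randomizing the source port raises the secret to roughly 32 bits, which is why that became the standard remediation for this vulnerability.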