Thursday, July 10, 2008 1:12 PM
cmosby
Cisco Products DNS Cache Poisoning Vulnerability - 2008-07-09 - Secunia
Cisco Products DNS Cache Poisoning Vulnerability
Secunia Advisory:
SA30979
Release Date:
2008-07-09
Critical:
Moderately critical
Impact:
Spoofing
Where:
From remote
Solution Status:
Vendor Patch
OS:
Cisco IOS 12.x
Cisco IOS R12.x
Software:
Cisco Application and Content Networking System (ACNS)
Cisco CNS Network Registrar 6.x
Cisco Network Registrar (CNR) 7.x
CVE reference:
CVE-2008-1447 (Secunia mirror)
Description:
A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to poison the DNS cache.
The vulnerability is caused due to the DNS servers not sufficiently randomising the DNS transaction ID and the source port number, which can be exploited to poison the DNS cache.
The vulnerability is reported in the following products (please see the vendor's advisory for details).
* Cisco IOS Software
* Cisco Network Registrar
* Cisco Application and Content Networking System
NOTE: DNS Servers that are only authoritative or do not allow recursion are not affected.
Solution:
Update to fixed versions (please see vendor advisory for details).
Provided and/or discovered by:
The vendor credits Dan Kaminsky, IOActive.
Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtmlOther References:
US-CERT VU#800113:
http://www.kb.cert.org/vuls/id/800113
Filed under: Patch Management, Security, Software Vulnerabilites, Hardware Vulnerabilities