The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Vendor Neutral DNS Vulnerablility

Posted by Xavier Ashe on May 25, 2005

Recently there have been
several vulnerabilities found that affect a massive variety of servers,
routers, etc.  I recently covered the IPSec
security hole
and the HyperThreading
security hole
.  Today a vulnerability
announcement
has been made regarding DNS.  DNS is implemented on every
server, router, firewall and computer out there. 

What is affected?
– —————–
The vulnerability described in this advisory affect the Domain Name System
(DNS) protocol. Many vendors include support for this protocol in their
products and may be impacted to varying degrees, if at all. 

Please note that the information contained within this advisory is subject to
changes. All subscribers are therefore advised to regularly check the NISCC
website for updates to this notice.

Impact
– ——
If exploited, this vulnerability could allow an attacker to create a
Denial-of-Service condition.

The sky isn't falling completely thought.  This
PDF
outlines the vendor responses including Microsoft, Sun, Apple, and
Juniper, all of who say that they are not affected.  Cisco has not
responded, but there are quite a few responses from other vendors that do have
patches available.

-= UPDATED =-

It appears that some Cisco products are vulnerable.  Read the full Cisco Security Notice.

  • Cisco IP Phones 7902/7905/7912
  • Cisco ATA (Analog Telephone Adaptor) 186/188
  • Cisco Unity Express
  • Cisco ACNS (Application and Content Networking System) devices,
    including:

    • Cisco 500 Series Content Engines
    • Cisco 7300 Series Content Engines
    • Cisco Content Routers 4400 series
    • Cisco Content Distribution Manager 4600 series
    • Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and
      3800 series Integrated Service
      Routers
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: