Recently there have been
several vulnerabilities found that affect a massive variety of servers,
routers, etc. I recently covered the IPSec
security hole and the HyperThreading
security hole. Today a vulnerability
announcement has been made regarding DNS. DNS is implemented on every
server, router, firewall and computer out there.
What is affected?
The vulnerability described in this advisory affect the Domain Name System
(DNS) protocol. Many vendors include support for this protocol in their
products and may be impacted to varying degrees, if at all.
Please note that the information contained within this advisory is subject to
changes. All subscribers are therefore advised to regularly check the NISCC
website for updates to this notice.
If exploited, this vulnerability could allow an attacker to create a
The sky isn't falling completely thought. This
PDF outlines the vendor responses including Microsoft, Sun, Apple, and
Juniper, all of who say that they are not affected. Cisco has not
responded, but there are quite a few responses from other vendors that do have
-= UPDATED =-
It appears that some Cisco products are vulnerable. Read the full Cisco Security Notice.
- Cisco IP Phones 7902/7905/7912
- Cisco ATA (Analog Telephone Adaptor) 186/188
- Cisco Unity Express
Cisco ACNS (Application and Content Networking System) devices,
- Cisco 500 Series Content Engines
- Cisco 7300 Series Content Engines
- Cisco Content Routers 4400 series
- Cisco Content Distribution Manager 4600 series
Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and
3800 series Integrated Service