After 6 months - fix available for Microsoft DNS cache poisoning attack - Linux


Thread: After 6 months - fix available for Microsoft DNS cache poisoning attack

  1. After 6 months - fix available for Microsoft DNS cache poisoning attack

    http://www.securityfocus.com/archive.../30/0/threaded

    | After 6 months - fix available for Microsoft DNS cache poisoning
    | attack
    |
    | In April this year I discovered a new vulnerability that enables DNS
    | cache poisoning attack against the Windows DNS server. Today (November
    | 13th, 2007) - six and a half months after being informed - Microsoft
    | released a fix for this vulnerability. As the fix is now publicly
    | available, I can finally share my research finding with you.

  2. Re: After 6 months - fix available for Microsoft DNS cache poisoning attack

    After takin' a swig o' grog, p5000011 belched out this bit o' wisdom:

    > http://www.securityfocus.com/archive.../30/0/threaded
    >
    > | After 6 months - fix available for Microsoft DNS cache poisoning
    > | attack
    > |
    > | In April this year I discovered a new vulnerability that enables DNS
    > | cache poisoning attack against the Windows DNS server. Today (November
    > | 13th, 2007) - six and a half months after being informed - Microsoft
    > | released a fix for this vulnerability. As the fix is now publicly
    > | available, I can finally share my research finding with you.


    Random numbers again:

    The transaction ID is
    supposed to be a secure, random number that the attacker must
    guess in order to poison the DNS cache. There are 65,536 possible
    transaction ID values which make enumeration impractical in the
    current network conditions.

    The weakness I found is in the transaction ID generation
    algorithm of Windows DNS Server. By observing a few consecutive
    transaction IDs from the same DNS server an attacker can predict
    its next value.

    --
    Tux rox!
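The property quoted in the post above (an observer who sees a few consecutive transaction IDs can predict the next) is something a resolver operator can measure on IDs captured from their own server's outbound queries. The following is an added example, not part of the thread or the quoted advisory; the predictor, the 5% threshold and both sample sequences are assumptions constructed for illustration and do not reproduce the Windows DNS Server algorithm.

```python
from collections import Counter
import hashlib

ID_SPACE = 1 << 16  # 65,536 possible transaction IDs, as stated in the post


def modal_delta_hit_rate(ids):
    """Fraction of IDs predicted by 'previous ID + most common step' (mod 2^16).

    Each prediction uses only the steps seen before it, the way a passive
    observer of consecutive queries would.
    """
    deltas = [(b - a) % ID_SPACE for a, b in zip(ids, ids[1:])]
    if len(deltas) < 2:
        raise ValueError("need at least three observed transaction IDs")
    hits = 0
    for i in range(1, len(deltas)):
        guess = Counter(deltas[:i]).most_common(1)[0][0]
        hits += guess == deltas[i]
    return hits / (len(deltas) - 1)


def audit(ids, threshold=0.05):
    """Compare the predictor's hit rate with blind guessing (1 in 65,536).

    threshold is an assumed cut-off for this example, far above chance.
    """
    rate = modal_delta_hit_rate(ids)
    return {
        "hit_rate": rate,
        "chance": 1 / ID_SPACE,
        "predictable": rate > threshold,
    }


# Constructed sample 1: a fixed-step counter standing in for a weak generator.
WEAK_IDS = [(0x1A2B + 7 * i) % ID_SPACE for i in range(64)]

# Constructed sample 2: IDs taken from SHA-256 output, standing in for a
# generator whose next value cannot be derived from earlier ones.
STRONG_IDS = [
    int.from_bytes(hashlib.sha256(bytes([i])).digest()[:2], "big")
    for i in range(64)
]

if __name__ == "__main__":
    print("weak  :", audit(WEAK_IDS))
    print("strong:", audit(STRONG_IDS))
```

A hit rate far above the 1-in-65,536 chance level means the 16-bit ID is no longer acting as a secret; a low rate only rules out this one simple predictor, not every form of predictability.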

  3. Re: After 6 months - fix available for Microsoft DNS cache poisoning attack

    ____/ Linonut on Wednesday 14 November 2007 17:25 : \____

    > After takin' a swig o' grog, p5000011 belched out this bit o' wisdom:
    >
    >> http://www.securityfocus.com/archive.../30/0/threaded
    >>
    >> | After 6 months - fix available for Microsoft DNS cache poisoning
    >> | attack
    >> |
    >> | In April this year I discovered a new vulnerability that enables DNS
    >> | cache poisoning attack against the Windows DNS server. Today (November
    >> | 13th, 2007) - six and a half months after being informed - Microsoft
    >> | released a fix for this vulnerability. As the fix is now publicly
    >> | available, I can finally share my research finding with you.

    >
    > Random numbers again:
    >
    > The transaction ID is
    > supposed to be a secure, random number that the attacker must
    > guess in order to poison the DNS cache. There are 65,536 possible
    > transaction ID values which make enumeration impractical in the
    > current network conditions.
    >
    > The weakness I found is in the transaction ID generation
    > algorithm of Windows DNS Server. By observing a few consecutive
    > transaction IDs from the same DNS server an attacker can predict
    > its next value.


    But it's all encoded in binary, so nobody will notice. [sarcasm /]

    --
    ~~ Best of wishes

    Apprentice - fancy word for "slave"
    http://Schestowitz.com | Open Prospects | PGP-Key: 0x74572E8E
    Tasks: 116 total, 1 running, 115 sleeping, 0 stopped, 0 zombie
    http://iuron.com - knowledge engine, not a search engine

  4. Re: After 6 months - fix available for Microsoft DNS cache poisoning attack

    On 2007-11-14, p5000011 claimed:
    > http://www.securityfocus.com/archive.../30/0/threaded
    >
    >| After 6 months - fix available for Microsoft DNS cache poisoning
    >| attack
    >|
    >| In April this year I discovered a new vulnerability that enables DNS
    >| cache poisoning attack against the Windows DNS server. Today (November
    >| 13th, 2007) - six and a half months after being informed - Microsoft
    >| released a fix for this vulnerability. As the fix is now publicly
    >| available, I can finally share my research finding with you.


    I wonder what they broke to fix it.

    --
    A clear conscience is usually a sign of a bad memory.
