lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 24 Jul 2007 10:33:51 +0300
From: Amit Klein <amit.klein@...steer.com>
To: bugtraq@...urityfocus.com
Subject: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)

I discovered a new weakness in BIND 9 DNS server which enables "DNS 
Forgery Pharming". An attacker can remotely poison the cache of any BIND 
9 caching DNS server and force users who use this DNS server to reach 
fraudulent websites each time they try to access real websites. BIND 9 
is the most popular DNS server nowadays thus this attack applies to a 
big part of Internet users.

The concept of DNS cache poisoning was discussed many times before. 
However, this attack was considered impractical for the leading 
industrial DNS servers due to the transaction ID mechanism that DNS 
servers implement today. The transaction ID is supposed to be a secure, 
random number that the attacker must guess in order to poison the DNS 
cache. There are 65,536 combinations which make enumeration impractical 
in the current network conditions.

I've recently found a weakness in the transaction ID generation 
algorithm of BIND 9. By observing a few consecutive transaction IDs from 
the same DNS server an attacker can reconstruct the random number 
generator's internal state, and/or predict its next value.

This weakness can be turned into a mass attack in the following way: (1) 
the attacker lures a single user that uses the target DNS server to 
click on a link. No further action other than clicking the link is 
required (2) by clicking the link the user starts a chain reaction that 
eventually poisons the DNS server?s cache (subject to some standard 
conditions) and associates fraudulent IP addresses with real website 
domains. (3) All users that use this DNS server will now reach the 
fraudulent website each time they try to reach the real website.

The 2 algorithms for predicting the transaction ID (one for the single 
next transaction ID, the other for full reconstruction of the internal 
state and all future transaction IDs) were coded in Perl and were 
demonstrated to work well (and fast!).

The algorithms, as well as the paper, are available Trusteer's website:

  Full paper: http://www.trusteer.com/docs/bind9dns.html

  Executive version: http://www.trusteer.com/docs/bind9dns_s.html

ISC were informed on May 29th, and patched versions of BIND 9 are now 
available on their website, http://www.isc.org/

Thanks,
Amit Klein
CTO
Trusteer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ