SecurityWeek

Authentication Bypass Flaw Patched in BIND, Knot DNS

The developers of the BIND and Knot DNS software have released updates to patch a potentially serious vulnerability that can be exploited to bypass authentication mechanisms.

The flaw, discovered by Clément Berthaux of Synacktiv, is related to Transaction SIGnature (TSIG), an authentication protocol used by the Domain Name System (DNS). The protocol is mainly used to authenticate dynamic DNS updates and zone operations.

An attacker who is able to communicate with an authoritative DNS server and has knowledge of a valid key name can exploit the security hole to bypass TSIG authentication and carry out unauthorized zone transfers or updates.

“This issue is due to the fact that when the server receives a request whose TSIG timestamp is out of the time window, it still signs its answer, using the provided digest as prefix even though this digest is invalid and has an incorrect size. This allows an attacker to forge the signature of a valid request, hence bypassing the TSIG authentication,” Berthaux wrote in an advisory.
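An added example, not code from BIND, Knot DNS or the advisory: a simplified Python model of the check order that description implies, where the request digest's size and validity are checked before the timestamp, so an unauthenticated request never receives a signed reply. The digest layout, the `FUDGE` value, the key name and the function names are assumptions made for illustration and do not follow the TSIG wire format.

```python
import hashlib
import hmac

FUDGE = 300                                  # allowed clock skew in seconds (constructed value)
DIGEST_SIZE = hashlib.sha256().digest_size   # 32 bytes; this sketch does not allow truncated MACs


def tsig_mac(key, message, time_signed, prior_mac=b""):
    """Simplified stand-in for the TSIG digest input, not the DNS wire format."""
    data = b""
    if prior_mac:
        # A response covers the request MAC, length-prefixed, before its own data.
        data += len(prior_mac).to_bytes(2, "big") + prior_mac
    data += message + time_signed.to_bytes(6, "big")
    return hmac.new(key, data, hashlib.sha256).digest()


def handle_request(keys, key_name, message, time_signed, mac, now):
    """Return (rcode, response_mac); response_mac is None when the reply is unsigned."""
    key = keys.get(key_name)
    if key is None:
        return "BADKEY", None
    # 1. Reject a digest of the wrong size before it is used for anything.
    if len(mac) != DIGEST_SIZE:
        return "BADSIG", None
    # 2. Verify the digest in constant time, before looking at the timestamp.
    if not hmac.compare_digest(mac, tsig_mac(key, message, time_signed)):
        return "BADSIG", None
    # 3. Only an authenticated request may receive a signed reply, including
    #    the out-of-window error reply that chains the request digest.
    if abs(now - time_signed) > FUDGE:
        return "BADTIME", tsig_mac(key, b"error", now, prior_mac=mac)
    return "NOERROR", tsig_mac(key, b"answer:" + message, now, prior_mac=mac)


# Constructed sample data for the sketch.
KEYS = {"transfer-key.": b"constructed-shared-secret"}
NOW = 1_500_000_000
STALE = NOW - 3600
QUERY = b"AXFR example.test."
```

With this ordering, a stale request carrying an invalid or wrong-sized digest gets an unsigned `BADSIG` reply, and only a request whose digest verified gets a signed `BADTIME` reply.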

DNS zone transfer is the process in which a DNS server passes a copy of its database (i.e. zone) to another DNS server. Obtaining a copy of zone records can be useful for an attacker as they may contain information that can be leveraged for DNS spoofing attacks.

The Internet Systems Consortium (ISC) tracks this issue as two separate vulnerabilities – one medium severity flaw that allows unauthorized zone transfers (CVE-2017-3142), and a high severity flaw that can be exploited for unauthorized dynamic updates (CVE-2017-3143).

ISC addressed the problem this week with the release of BIND 9.9.10-P2, 9.10.5-P2 and 9.11.1-P2. Knot DNS patched the vulnerability with the release of versions 2.5.2 and 2.4.5 last week.

TSIG is also supported by, among others, PowerDNS and NSD, but the developers of these DNS servers have not published any advisories to indicate whether or not their products are affected.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
