The developers of the BIND and Knot DNS software have released updates to patch a potentially serious vulnerability that can be exploited to bypass authentication mechanisms.
The flaw, discovered by Clément Berthaux of Synacktiv, is related to Transaction SIGnature (TSIG), an authentication protocol used by the Domain Name System (DNS). The protocol is mainly used to authenticate dynamic DNS updates and zone operations.
An attacker who is able to communicate with an authoritative DNS server and has knowledge of a valid key name can exploit the security hole to bypass TSIG authentication and carry out unauthorized zone transfers or updates.
“This issue is due to the fact that when the server receives a request whose TSIG timestamp is out of the time window, it still signs its answer, using the provided digest as prefix even though this digest is invalid and has an incorrect size. This allows an attacker to forge the signature of a valid request, hence bypassing the TSIG authentication,” Berthaux wrote in an advisory.
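A defender-side model of the verification order the advisory implies (check the key name, then the MAC's size and value, and only then the time window, so an invalid request MAC can never be reused as the prefix of a signed BADTIME answer). This is an added example, not BIND's or Knot's code; the key name, secret, message bytes and the simplified TSIG variable layout are constructed for illustration.

```python
import hmac
import hashlib
import struct

# Simplified subset of the RFC 2845 TSIG fields (constructed model, not wire format).
ALG_DIGEST_SIZE = {"hmac-sha256.": hashlib.sha256().digest_size}
BADSIG, BADKEY, BADTIME = 16, 17, 18   # TSIG error codes from RFC 2845


def tsig_variables(key_name, alg, time_signed, fudge, error):
    # Key name, algorithm name, 48-bit time signed, fudge and error code.
    return (key_name.encode() + alg.encode()
            + time_signed.to_bytes(6, "big") + struct.pack("!HH", fudge, error))


def compute_mac(key, request_mac, message, key_name, alg, time_signed, fudge, error=0):
    """HMAC over [prior MAC with 2-octet length] + message + TSIG variables."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    if request_mac:
        h.update(struct.pack("!H", len(request_mac)) + request_mac)
    h.update(message)
    h.update(tsig_variables(key_name, alg, time_signed, fudge, error))
    return h.digest()


def verify_request(keys, message, key_name, alg, time_signed, fudge, mac, now):
    """Return (tsig_error, prefix). prefix is the MAC a responder may use when
    signing its answer; it is None whenever the request MAC was not validated."""
    key = keys.get(key_name)
    if key is None or alg not in ALG_DIGEST_SIZE:
        return BADKEY, None            # unknown key or algorithm: unsigned error reply
    # Defensive ordering: a MAC of the wrong size, or a wrong MAC, is rejected
    # before any time-window decision and never becomes a signing prefix.
    if len(mac) != ALG_DIGEST_SIZE[alg]:
        return BADSIG, None
    expected = compute_mac(key, b"", message, key_name, alg, time_signed, fudge)
    if not hmac.compare_digest(expected, mac):
        return BADSIG, None
    # Only a request with a verified MAC may have a signed BADTIME answer.
    if abs(now - time_signed) > fudge:
        return BADTIME, mac
    return 0, mac
```

A responder built on this returns an unsigned error for BADKEY/BADSIG and only computes a signed reply (with the verified request MAC as prefix) for BADTIME or success.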
DNS zone transfer is the process in which a DNS server passes a copy of its database (i.e. zone) to another DNS server. Obtaining a copy of zone records can be useful for an attacker as they may contain information that can be leveraged for DNS spoofing attacks.
The Internet Systems Consortium (ISC) tracks this issue as two separate vulnerabilities – one medium severity flaw that allows unauthorized zone transfers (CVE-2017-3142), and a high severity flaw that can be exploited for unauthorized dynamic updates (CVE-2017-3143).
ISC addressed the problem this week with the release of BIND 9.9.10-P2, 9.10.5-P2 and 9.11.1-P2. Knot DNS patched the vulnerability with the release of versions 2.5.2 and 2.4.5 last week.
TSIG is also supported by, among others, PowerDNS and NSD, but the developers of these DNS servers have not published any advisories to indicate whether or not their products are affected.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.