CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Recursive DNS Resolvers Affected by Serious Vulnerability

Recursive Domain Name System (DNS) resolvers are plagued by a vulnerability that can be leveraged to cause them to crash due to resource exhaustion, the CERT Coordination Center at Carnegie Mellon University (CERT/CC) reported on Tuesday.

Recursive Domain Name System (DNS) resolvers are plagued by a vulnerability that can be leveraged to cause them to crash due to resource exhaustion, the CERT Coordination Center at Carnegie Mellon University (CERT/CC) reported on Tuesday.

DNS resolvers process DNS queries with the aid of authoritative servers. If the authoritative server can’t process the request, it returns a referral response pointing to other servers that might be able to carry out the task. The problem is that a malicious authoritative server can cause some resolvers to follow an infinite chain of referrals, which can lead to a denial-of-service (DoS) state.

“A recursive DNS resolver following an infinite chain of referrals can result in high process memory and CPU usage and eventually process termination. The effect can range from increased server response time to clients to complete interruption of the service,” CERT/CC noted in its advisory. “Resolvers that follow multiple referrals at once can cause large bursts of network traffic.”

The organization also noted that it might be possible to launch a DoS attack against a target using DNS traffic.

The issue, discovered by Florian Maury of the French government information security agency ANSSI, affects at least three resolvers. On Monday, the Internet Systems Consortium (ISC) released security updates to address the vulnerability (CVE-2014-8500) in BIND, the most widely used DNS software on the Internet.

ISC pointed out in its advisory that “authoritative servers can be affected if an attacker can control a delegation traversed by the authoritative server in servicing the zone.”

According to CERT/CC, the flaw also affects NLnet Labs’ Unbound, and PowerDNS Recursor. Products from Nominum, dnsmasq and djbdns are not impacted.


Advertisement. Scroll to continue reading.

CERT/CC has notified several other organizations whose products might be affected, but so far, none of them have confirmed or denied the issue. The list includes Apple, Cisco, F5 Networks, GNU adns, Infoblox, MaraDNS, and Secure 64.

In the case of PowerDNS, the vulnerability has been assigned the CVE identifier CVE-2014-8601. The company says the latest version of PowerDNS Recursor (3.6.2, released in late October) is not affected by the bug because it includes a new feature that limits the amount of work performed to resolve a single query. Users are advised to update to PowerDNS Recursor 3.6.2, but patches for older versions have also been made available.

Unbound users have also been provided with a patch that addresses the flaw (CVE-2014-8602).

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.