Cisco IOS DNS Query Port Entropy Weakness Lets Remote Users Spoof the System
SecurityTracker Alert ID: 1020440
SecurityTracker URL: http://securitytracker.com/id/1020440
CVE Reference: CVE-2008-1447
Date: Jul 8 2008
Impact: Modification of system information
Fix Available: Yes
Vendor Confirmed: Yes
Description:
A vulnerability was reported in Cisco IOS and other Cisco products that provide DNS services. A remote user can spoof the system.
The domain name system (DNS) service does not use sufficiently random DNS transaction ID values and/or sufficiently random UDP source ports when processing queries. A remote user can send specially crafted DNS queries and responses to the target service to spoof responses and insert records into the DNS cache. This may cause traffic on the target system to be redirected to arbitrary IP addresses specified by the remote user.
Cisco IOS devices that are configured as a DNS server are affected.
Cisco has assigned Cisco Bug ID CSCso81854 to this vulnerability.
Cisco Network Registrar, Cisco Application and Content Networking System (ACNS), and the Cisco Global Site Selector (GSS) products are also affected.
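The following check is an added example, not part of the original advisory or any vendor code. It shows how a defender could rate the randomness of the two values named in the description (UDP source port and DNS transaction ID) from queries observed leaving a DNS service. The function names, the 90% step threshold, the 1/16-of-range threshold, and the sample data are assumptions made for illustration.

```python
import math
import random
from collections import Counter

FIELD = 1 << 16  # source port and DNS transaction ID are both 16-bit fields

def classify(values):
    """Label a sequence of observed 16-bit values by how guessable it looks."""
    if len(values) < 2:
        raise ValueError("need at least two observations")
    if len(set(values)) == 1:
        return "fixed"
    # Differences between consecutive queries, modulo the field size.
    steps = Counter((b - a) % FIELD for a, b in zip(values, values[1:]))
    if steps.most_common(1)[0][1] >= 0.9 * (len(values) - 1):
        return "sequential"
    # Uniform 16-bit values cover most of the range even in a small sample.
    if max(values) - min(values) < FIELD // 16:
        return "narrow"
    return "random-looking"

def unpredictable_bits(values):
    """Rough estimate of the bits an off-path spoofer must guess for one field."""
    kind = classify(values)
    if kind in ("fixed", "sequential"):
        return 0.0
    if kind == "narrow":
        return math.log2(max(values) - min(values) + 1)
    return 16.0

def assess(queries):
    """queries: (source_port, transaction_id) pairs seen leaving one DNS service."""
    ports = [p for p, _ in queries]
    txids = [t for _, t in queries]
    return {"port": classify(ports), "txid": classify(txids),
            "bits": round(unpredictable_bits(ports) + unpredictable_bits(txids), 1)}

# Constructed samples (fixed seed); real input would come from a packet capture.
rng = random.Random(1447)
FIXED_PORT = [(32768, rng.randrange(FIELD)) for _ in range(40)]
SEQ_PORT = [(1024 + i, rng.randrange(FIELD)) for i in range(40)]
RANDOM_BOTH = [(rng.randrange(1024, FIELD), rng.randrange(FIELD)) for _ in range(40)]

if __name__ == "__main__":
    for name, data in (("fixed port", FIXED_PORT), ("sequential port", SEQ_PORT),
                       ("random port", RANDOM_BOTH)):
        print(name, assess(data))
```

A service that reports "fixed" or "sequential" for the port leaves only the transaction ID as protection against forged responses.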
Impact:
A remote user can spoof the DNS service, causing traffic to be redirected to arbitrary hosts.
Solution:
The vendor has issued a fix.
A patch matrix is available in the vendor's advisory.
The vendor's advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml
Vendor URL: www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml
Cause: Randomization error
Underlying OS:
Message History:
This archive entry has one or more follow-up message(s) listed below.
Source Message Contents
Date: Tue, 8 Jul 2008 14:13:46 -0400
Subject: Cisco IOS
http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml
CVE-2008-1447