Microsoft Domain Name Servers hosted on Windows NT or Windows 2000 Server systems run with permissive DNS cache defaults. This may allow unauthorized remote intruders to redirect sites that rely on the vulnerable DNS servers for legitimate information.
The Domain Name System, (partially specified in RFC 1034, Domain Names - Concepts and Facilities,) is the network infrastructure which maps Internet addresses to human-readable labels (names), and vice-versa. Several implementations of the servers responsible for managing this mapping information have had a specific security vulnerability called "cache poisoning" which may lead to corruption of the DNS information (resource records, or RRs) being managed (see CA-1999-22 for more details).
Cache poisoning occurs when malicious or misleading data received from a remote name server is saved (cached) by a gullible name server. This bad data is then made available to programs running on workstations that request the cached data through the client interface (resolver). (Sample programs needing such DNS information include web browsers and email servers). This can adversely affect the mapping between host names and IP addresses, among other things. Once this mapping has been changed, hosts looking for legitimate DNS responses from a corrupted server can be redirected to arbitrary sites.
Once the cache poisoning occurs, hosts looking for legitimate DNS responses from a corrupted server can be redirected to arbitrary sites. Alternatively, the information returned can be garbage, leading to possible denial of DNS service.
See Q241352 for the complete set of instructions for enabling cache protection for both Windows NT and Windows 2000 Server systems.
- http://www.ietf.org/rfc/rfc1035.txt (STD 13)
The details of this issue have been discussed in several public forums: NANOG INCIDENTS@securityfocus.com SANS firstname.lastname@example.org Microsoft has several articles in its knowledgebase as well.
This document was written by Jeffrey S. Havrilla.
|Date First Published:||2001-08-09|
|Date Last Updated:||2002-08-06 21:43 UTC|