Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

DNS Security Flaw

Discussion in 'Bind/DNS/Nameserver' started by compunet2, Aug 8, 2008.

  1. compunet2

    compunet2 Well-Known Member

    Feb 21, 2003
    Likes Received:
    Trophy Points:
    Is this something cPanel customers need to be concerned with?

    DNS Security Flaw Secret Leaked Prior to Set Date: Patch DNS as Fast as Possible

    * Jul 21, 2008 6:32 PM PDT
    * Comments: 0
    * Views: 1,665

    Print Comment Share
    By CircleID Reporter

    In what seems to have started with a blog post by reverse engineer Halvar Flake, and subsequent blog postings from other experts in the know, the details of the recently announced DNS vulnerability was quite likely made public today. The DNS flaw was found earlier this year by security researcher Dan Kaminsky and earlier this month announced publicly along with various tools and patches provided by numerous vendors. However, the details of the flaw were kept secret—with the exception of select group of experts—in order to allow for proper security measures to be taken by those at risk. Shortly after the official July 8th announcement, Kaminsky emphasized that he "wanted to go public with the issue to put pressure on corporate IT staff and Internet service providers to update their DNS software, while at the same time keeping the bad guys in the dark about the precise nature of the problem. A full public disclosure of the technical details would make the Internet unsafe."

    Following speculative postings online including those by Flake today, someone from the security research firm, Matasano, who was already aware of the details published details of the flaw on the Matasano blog but soon after removed. However, the content of the post spread rapidly and is available despite its removal from the original source.

    Thomas Ptacek, Principal at Matasano Security has posted a public apology on its blog:

    Earlier today, a security researcher posted their hypothesis regarding Dan Kaminsky’s DNS finding. Shortly afterwards, when the story began getting traction, a post appeared on our blog about that hypothesis. It was posted in error. We regret that it ran. We removed it from the blog as soon as we saw it. Unfortunately, it takes only seconds for Internet publications to spread.

    We dropped the ball here.

    Since alerting the Internet earlier in July about the upcoming announcement of his finding, Dan has consistently urged DNS operators to patch their servers. We confirmed the severity of the problem then and, by inadvertantly verifying another researcher’s results today, reconfirm it today. This is a serious problem, it merits immediate attention, and the extra attention it’s receiving today may increase the threat. The Internet needs to patch this problem ASAP.

    Dan told me about his finding personally, in order to help ensure widespread patching before further details were announced at the upcoming Black Hat conference. We chose to have a story locked and loaded for that presentation, or for any other confirmed public disclosure. On a personal level, I regret this as well.

    As a result of today's incidents, security experts are re-emphasizing the importance of urgently patching vulnerable DNS servers as fast as possible.

    Kaminsky has made the following post on his blog in reaction to the leak:

    Patch. Today. Now. Yes, stay late. Yes, forward to OpenDNS if you have to. (They’re ready for your traffic.) Thank you to the many of you who already have.

    Internet Systems Consortium (ISC) is currently working on tools to detect attacks based on this vulnerability.
  2. bls24

    bls24 Well-Known Member

    May 12, 2007
    Likes Received:
    Trophy Points:
    This affects everybody from what I've read about it. At this point in time there isn't a one-stop patch, but there are things to do to make yourself safer (keeping everything up-to-date, obviously).

    Test your server:

    If you get the yellow bar saying you allow recursive DNS, easy fix:
  3. pjman

    pjman Well-Known Member

    Mar 22, 2003
    Likes Received:
    Trophy Points:
    New York
    bls 24 A 1000 Thanks for Iana link!

    I have been looking for a test like that for ever. I was pretty sure I was safe since I run Red Hat and had bind patched about a month ago, but this makes me feel much better.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice