Trusteer Discovered Flaw in BIND 9 Software
Amit Klein, CTO at Trusteer Ltd., said that the flaw in BIND 9 can allow a hacker to force the DNS server to return an invalid website to the user, a technique known as pharming or DNS cache poisoning. The flaw arises in all BIND 9 software when it is used in a caching server configuration, according to news from PCWorld on July 25, 2007.
The problem is serious because desktop security software is not able to stop this type of attack. The attack is not directed at the PC or the DNS server; it targets the data stored on the server. Whenever a user types a Web address into a browser, the request is sent straight to a DNS server, which looks up the related Internet Protocol (IP) address so that the site can be found.
Most DNS servers cache queries (save them in memory) in order to improve performance. If the attacker asks for a web address that is not saved in the server's cache, the hacker can fill the cache with wrong data (such as the address of a different site). This data can then be sent back in answer to future DNS queries. This means that a user can end up on a fake website even after typing the right address into the browser.
The ISC (Internet Storm Center) has said that once the hacker knows the status of the targets that BIND downloads, it becomes possible to give a fake response. The Domain Name System uses UDP (User Datagram Protocol) by default, and each question sent by a DNS server contains an arbitrary transaction ID. The server that answers the question also includes the transaction ID, so that the DNS server asking the query knows which question is answered by this particular reply, according to reports from Monsterandcritics on July 25, 2007.
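The transaction ID matching described above, as a resolver-side acceptance check. This is an added example, not code from the article or from BIND; the function names, the `pending` table layout and the sample address 192.0.2.53 are assumptions made for illustration.

```python
import secrets
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1):
    """Return (txid, packet) for a query carrying a random 16-bit transaction ID."""
    txid = secrets.randbits(16)  # assumption of this example: ID drawn from the OS CSPRNG
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return txid, header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Return (txid, is_response, qname, qtype); raise ValueError if malformed."""
    if len(packet) < 12:
        raise ValueError("short DNS message")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:
            raise ValueError("compression pointer not allowed in question")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

def accept_reply(pending, packet, source):
    """pending maps txid -> (qname, qtype, (ip, port)); accept only an exact match."""
    try:
        txid, is_response, qname, qtype = parse_question(packet)
    except ValueError:  # also covers non-ASCII labels (UnicodeDecodeError)
        return False
    return is_response and pending.get(txid) == (qname, qtype, source)

if __name__ == "__main__":  # constructed sample: the queried server echoes the ID
    txid, pkt = build_query("www.example.com")
    srv = ("192.0.2.53", 53)
    print(accept_reply({txid: ("www.example.com", 1, srv)}, pkt[:2] + b"\x81\x80" + pkt[4:], srv))
```

A reply is cached only when the ID, the echoed question and the sender all match an outstanding query; anything else is dropped before it can reach the cache.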
Users of the software, who include Internet Service Providers (ISPs) and large firms, are advised to patch the software immediately to prevent pharming attacks, in which users are led to a site created by cyber criminals.
» SPAMfighter News - 04-08-2007