An attacker could exploit vulnerabilities in implementations of the Domain Name System (DNS) protocol to cause a denial of service in a variety of products, the UK-based National Infrastructure Security Co-Ordination Centre (NISCC) said.
The advisory said the vulnerabilities "are a result of liberal interpretation of the DNS protocol by implementers. DNS uses a message format to provide a mechanism to resolve domain names into IP addresses; a message can either be a 'query' or a 'response.' By implementing the protocol in such a way in which a 'response' is allowed to be answered with a 'response,' this will cause messages to bounce back and forth between the servers and hence cause a query-response storm that can result in a denial-of-service attack."
Furthermore, the NISCC said, by sending one of these implementations a query whose source is forged to look like the server's own address on UDP port 53, the server "will respond to itself and will keep responding to these responses," entering a loop that can exhaust system resources and result in a denial-of-service attack. Both variants share the same root cause: the implementation does not distinguish a response from a query before deciding to answer, and does not reject datagrams that claim to come from its own listening socket.
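The two loops the advisory describes can be reproduced without a network. The following is an added example, not code from the NISCC advisory or from any of the vendors named below. It models a DNS server as a function that receives a datagram and its source address and returns either a reply or nothing. The "liberal" handler answers every datagram, as the affected implementations did; the "strict" handler drops anything with the QR (response) bit set and anything that claims to come from the server's own port 53. The 192.0.2.x addresses, the query ID, and the use of REFUSED as a stand-in for a real answer are all assumptions made for the simulation.

```python
import struct

QR = 0x8000          # header flag bit 15: 0 = query, 1 = response (RFC 1035 §4.1.1)
RCODE_REFUSED = 5    # stand-in reply code; real answer generation is out of scope here
DNS_PORT = 53


def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_header(ident, flags, qd=0, an=0, ns=0, ar=0):
    """Pack the fixed 12-byte DNS header, network byte order."""
    return struct.pack("!6H", ident, flags, qd, an, ns, ar)


def parse_header(packet):
    """Unpack the fixed 12-byte header; refuse truncated datagrams."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {"id": ident, "qr": bool(flags & QR), "opcode": (flags >> 11) & 0xF,
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def make_response(request, rcode):
    """Reply with the same ID and opcode, QR set, question section echoed."""
    hdr = parse_header(request)
    flags = QR | (hdr["opcode"] << 11) | rcode
    return build_header(hdr["id"], flags, qd=hdr["qdcount"]) + request[12:]


def handle_liberal(packet, src, local_ip):
    """The behaviour the advisory describes: every datagram is answered,
    whether it is a query, a response, or appears to come from this server."""
    return make_response(packet, RCODE_REFUSED)


def handle_strict(packet, src, local_ip):
    """Two checks that break both loops. A server never answers a response
    (a resolver would instead match it to an outstanding query by ID, source
    address/port and question, and drop it otherwise). A datagram whose
    source is this server's own listening socket cannot be a legitimate
    query, so it is dropped without a reply."""
    hdr = parse_header(packet)
    if hdr["qr"]:
        return None
    if src == (local_ip, DNS_PORT):
        return None
    return make_response(packet, RCODE_REFUSED)


def simulate(handler, spoofed_src, target, max_datagrams):
    """Deliver one attacker-built query to `target` with a forged source, then
    keep routing each reply to its destination. Returns how many datagrams the
    servers themselves emit before the exchange stops (capped at max_datagrams)."""
    question = encode_name("example.com") + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    pkt = build_header(0x1234, 0x0100, qd=1) + question              # RD set, QR clear
    src, dst = spoofed_src, target
    emitted = 0
    while emitted < max_datagrams:
        reply = handler(pkt, src, dst[0])
        if reply is None:
            break
        emitted += 1
        pkt, src, dst = reply, dst, src   # the reply travels back the other way
    return emitted


SERVER_A = ("192.0.2.1", DNS_PORT)   # constructed addresses (TEST-NET-1)
SERVER_B = ("192.0.2.2", DNS_PORT)


def storm_between_servers(handler, cap=50):
    """Query sent to B, forged to look like it came from A's port 53."""
    return simulate(handler, SERVER_A, SERVER_B, cap)


def self_loop(handler, cap=50):
    """Query sent to B, forged to look like it came from B itself."""
    return simulate(handler, SERVER_B, SERVER_B, cap)


if __name__ == "__main__":
    print("liberal, two servers:", storm_between_servers(handle_liberal))  # hits the cap
    print("strict,  two servers:", storm_between_servers(handle_strict))   # 1: B answers, A drops
    print("liberal, self       :", self_loop(handle_liberal))              # hits the cap
    print("strict,  self       :", self_loop(handle_strict))               # 0: dropped on arrival
```

With the liberal handler a single forged datagram keeps both simulated servers exchanging replies until the cap; with the strict handler the two-server case produces exactly one reply and the self-addressed case none. On a real resolver the QR check is only the first step: a response must also be matched against an outstanding query (ID, source address and port, question section) before it is accepted, and unsolicited responses are discarded silently rather than answered.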
Several vendors whose products may be affected are listed in the advisory. Of them:
- Swedish video networking firm Axis Communications Inc. said the vulnerability has been eliminated from its products.
- Cisco Systems of San Jose, Calif., is evaluating the vulnerabilities and will release a security advisory if it confirms the vulnerability affects its products.
- VeriSign Inc. of Mountain View, Calif., said the vulnerability had affected its ATLAS platform but has been corrected. New code addressing the issue was deployed in January.
- The other vendors listed in the advisory said they investigated the issues and found their products are not affected.