Dan Kaminsky previewed information relating to possibly the worst DNS-related exploit ever, earlier this month. The issue is a cache poisoning vulnerability and can result in DNS answers containing fiddled information. This is actually a general design issue more than any vendor-specific issue. Imagine entering a url in your browser and been taken to another site instead, one that was not expected, where malicious code is auto executed or worse, a fake copy of the target site has been developed where you unintentionally enter personal defining information such as user names and passwords.
All vendors’ DNS implementations were affected and most have updated their respective versions by now – a notable exception is Apple’s MacOS X Server … Apparently Apple are to busy with more important things like MobileMe issues. Considering that there is active exploit code circulating, it’s vitally important that if you run an authoritative name server, that you update your DNS applications soonest. A test is available on Dan’s site if need more info or to check your system.
A little birdie has also whispered in my ear that BIND 9.5.x-p has been particularly unstable; just a note for those using the latest version of the most popular DNS server on the market.
