Stories
Slash Boxes
Comments

SoylentNews is people

Cache Poisoning Vulnerabilities Found in 2 DNS Resolving Apps

posted by hubie on Sunday October 26, @07:35AM   Printer-friendly
from the let's-just-use-the-DNS-from-US-East-1 dept.

"Anonymouse" writes:

Cache Poisoning Vulnerabilities Found in 2 DNS Resolving Apps

The makers of BIND, the Internet's most widely used software for resolving domain names, are warning of two vulnerabilities that allow attackers to poison entire caches of results and send users to malicious destinations that are indistinguishable from the real ones.

The vulnerabilities, tracked as CVE-2025-40778 and CVE-2025-40780, stem from a logic error and a weakness in generating pseudo-random numbers, respectively. They each carry a severity rating of 8.6. Separately, makers of the Domain Name System resolver software Unbound warned of similar vulnerabilities that were reported by the same researchers. The unbound vulnerability severity score is 5.6

[...] In 2008, researcher Dan Kaminsky revealed one of the more severe Internet-wide security threats ever. Known as DNS cache poisoning, it made it possible for attackers to send users en masse to imposter sites instead of the real ones belonging to Google, Bank of America, or anyone else. With industry-wide coordination, thousands of DNS providers around the world—in coordination with makers of browsers and other client applications—implemented a fix that averted this doomsday scenario.

[...] What Kaminsky realized was that there were only 65,536 possible transaction IDs. An attacker could exploit this limitation by flooding a DNS resolver with lookup results for a specific domain. Each result would use a slight variation in the domain name, such as 1.arstechnica.com, 2.arstechnica.com, 3.arstechnica.com, and so on. Each result would also include a different transaction ID. Eventually, an attacker would reproduce the correct number of an outstanding request, and the malicious IP would get fed to all users who relied on the resolver that made the request. The attack was called DNS cache poisoning because it tainted the resolver's store of lookups.

[...] "Because exploitation is non-trivial, requires network-level spoofing and precise timing, and only affects cache integrity without server compromise, the vulnerability is considered Important rather than Critical," Red Hat wrote in its disclosure of CVE-2025-40780.

The vulnerabilities nonetheless have the potential to cause harm in some organizations. Patches for all three should be installed as soon as practicable.

Original Submission

 
This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
Cache Poisoning Vulnerabilities Found in 2 DNS Resolving Apps | Log In/Create an Account | Top | 2 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 1, Interesting) by Anonymous Coward on Sunday October 26, @05:02PM

    by Anonymous Coward on Sunday October 26, @05:02PM (#1422351)

    Then we can kill the whole client/server routine that is so fragile on public networks.

  • (Score: 2) by ls671 on Tuesday October 28, @08:14AM

    by ls671 (891) Subscriber Badge on Tuesday October 28, @08:14AM (#1422579) Homepage

    Since when is BIND considered an "app"? /s

    --

    Everything I write is lies, including this sentence.
(1)