EGI CSIRT:Alerts/dns-29-07-2008

From EGIWiki
Jump to: navigation, search


| Mission | Members | Contacts
| Incident handling | Alerts | Monitoring | Security challenges | Procedures | Dissemination



------------------------------------------------------------------------
              EGEE Operational Security Coordination Team security alert

Security vulnerability: DNS cache poisoning/spoofing
Date:    29 July 2008
URL:     http://cern.ch/osct/alerts/dns-29-07-2008.txt
Rating:  Medium
Affects: Various DNS implementations
------------------------------------------------------------------------

Dear Security Contacts and System Administrators,

The OSCT has been made aware of a security flaw affecting various DNS
implementations.  It is making DNS cache poisoning attacks more feasible
than previously thought.  Details on the vulnerability, a list of
systems known to be affected, and actions you can take to secure your
systems can be found at

        http://www.kb.cert.org/vuls/id/800113

If your site maintains DNS servers, please follow the linked
instructions to mitigate the risk.  If sites do not maintain DNS
servers, no actions need to be taken.  But it is strongly recommended
to check with operators of DNS services used by your site that proper
fixes have been applied to the servers.


Source

Parts of this article came from the OSCT wiki, this was written by the EGEE Operational Security Coordination Team.