EGI CSIRT:Alerts/dns-29-07-2008

From EGIWiki
Jump to: navigation, search

| Mission | Members | Contacts
| Incident handling | Alerts | Monitoring | Security challenges | Procedures | Dissemination

              EGEE Operational Security Coordination Team security alert

Security vulnerability: DNS cache poisoning/spoofing
Date:    29 July 2008
Rating:  Medium
Affects: Various DNS implementations

Dear Security Contacts and System Administrators,

The OSCT has been made aware of a security flaw affecting various DNS
implementations.  It is making DNS cache poisoning attacks more feasible
than previously thought.  Details on the vulnerability, a list of
systems known to be affected, and actions you can take to secure your
systems can be found at

If your site maintains DNS servers, please follow the linked
instructions to mitigate the risk.  If sites do not maintain DNS
servers, no actions need to be taken.  But it is strongly recommended
to check with operators of DNS services used by your site that proper
fixes have been applied to the servers.


Parts of this article came from the OSCT wiki, this was written by the EGEE Operational Security Coordination Team.