Exploit released for vulnerability in BIND9 nameserver
A program that exploits the recently reported vulnerability in the BIND9 nameserver has appeared on the Milw0rm exploit portal. Transaction IDs can be predicted or guessed relatively easily, so the cache of a vulnerable nameserver can be poisoned. Phishers can use cache poisoning for pharming attacks on users by manipulating the assignment of a server name to an IP address. Even if the user enters the name of his bank in the address line of his browser manually, he will still be taken to a counterfeit web page.
However, the attacker must himself control an authoritative nameserver in order to manipulate the cache of a nameserver, either by hacking into a server or by administering a server for his own domain. To protect their users, operators using BIND9 should now install the version cleared of the bug as soon as possible. Amit Klein, who discovered the hole, estimates that around half of all the nameservers on the web are running BIND9, so the latest vulnerability could potentially affect the entire internet.
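Until the fixed version is installed, operators can watch resolver traffic for signs of forged responses. The following is an added example, not code from the original report or from BIND: it flags names that receive conflicting answers under a valid transaction ID, or repeated responses with a wrong one. The event tuple layout, the function name and the threshold are assumptions of this example, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events as a resolver-side sensor might record them
# (tuple layout is an assumption of this example, not a BIND log format):
#   ("Q", txid, qname, server_ip)            query sent upstream
#   ("R", txid, qname, source_ip, answer)    response received
EVENTS = [
    ("Q", 0x1A2B, "www.bank.example", "192.0.2.53"),
    ("R", 0x1A2B, "www.bank.example", "192.0.2.53", "203.0.113.66"),
    ("R", 0x1A2B, "www.bank.example", "192.0.2.53", "198.51.100.10"),
    ("Q", 0x7C01, "mail.shop.example", "192.0.2.80"),
    ("R", 0x0003, "mail.shop.example", "192.0.2.80", "203.0.113.66"),
    ("R", 0x0004, "mail.shop.example", "192.0.2.80", "203.0.113.66"),
    ("R", 0x7C01, "mail.shop.example", "192.0.2.80", "198.51.100.25"),
    ("Q", 0x4444, "static.cdn.example", "192.0.2.99"),
    ("R", 0x4444, "static.cdn.example", "192.0.2.99", "198.51.100.77"),
]

def find_poisoning_indicators(events, mismatch_threshold=2):
    """Return {qname: [reasons]} for names showing signs of forged responses."""
    outstanding = {}               # (qname, server) -> txid of the query sent
    accepted = defaultdict(set)    # (qname, server) -> answers with correct txid
    mismatches = defaultdict(int)  # qname -> responses carrying a wrong txid
    for ev in events:
        if ev[0] == "Q":
            _, txid, qname, server = ev
            outstanding[(qname, server)] = txid
            continue
        _, txid, qname, source, answer = ev
        key = (qname, source)
        if outstanding.get(key) == txid:
            # Kept open on purpose so a second, differing answer is noticed.
            accepted[key].add(answer)
        else:
            mismatches[qname] += 1  # wrong ID, or no matching query at all
    alerts = defaultdict(list)
    for (qname, _), answers in accepted.items():
        if len(answers) > 1:
            alerts[qname].append("conflicting answers with valid transaction ID")
    for qname, count in mismatches.items():
        if count >= mismatch_threshold:
            alerts[qname].append(f"{count} responses with wrong transaction ID")
    return dict(alerts)

if __name__ == "__main__":
    for name, reasons in find_poisoning_indicators(EVENTS).items():
        print(name, "->", "; ".join(reasons))
```

The conflicting-answer check matters most here: when transaction IDs are predictable, a forged response may match on the first attempt, so counting wrong IDs alone would miss it.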
- Hole in Bind nameserver has far-reaching effects, report by heise Security
- DNS cache poison v0.3beta by posedge, exploit on Milw0rm