Tech content trusted by users in North America and around the world
7,296 Reviews & Articles | 53,177 News Posts

Critical DNS flaw found, allows attackers to get full control

A critical DNS bug affects almost the entire Internet, though a fix is already out or on the way for most DNS software configurations
By: Jeff Williams | Hacking & Security News | Posted: Feb 22, 2016 9:59 pm

The DNS system that forms the backbone of the Internet, resolving those names into the numbers that correspond to the actual websites we visit, has a critical flaw that effects nearly all DNS servers. That is, any server that runs Linux and relies on the GNU C standard library. A flaw in that library could case a buffer overflow, which might allow an attacker to take full control over someone's PC.

 

critical-dns-flaw-found-allows-attackers-full-control_3

 

The flaw itself is actually from 2008, where it was discovered that overly long DNS names being replied to requests from those servers could result in a tragic buffer overflow in the victims browser, potentially letting an attacker execute code remotely. It's even possible to perform a full-blow man-in-the-middle attack, taking over a machine completely. It can be triggered by already malicious DNS servers.

 

Thankfully a fix is already ready fro most distributions of Linux, which requires only a quick update to fix. If your server distro isn't running one, then you can configure your firewall to drop long DNS responses altogether, so no overflows happen. So the majority of the Internet is largely safe, but it still might effect smaller connected and embedded devices that have Glibc that likely won't see any updates with the patched version. Routers, DVR's, some TV's and even NAS devices might still and continue to be at risk.

NEWS SOURCES:Boingboing.net

Related Tags

Got an opinion on this news? Post a comment below!
Subscribe to our Newsletter

Latest News Posts

View More News Posts
View Our Latest Videos

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases
loading