The DNS system that forms the backbone of the Internet, resolving those names into the numbers that correspond to the actual websites we visit, has a critical flaw that effects nearly all DNS servers. That is, any server that runs Linux and relies on the GNU C standard library. A flaw in that library could case a buffer overflow, which might allow an attacker to take full control over someone's PC.
The flaw itself is actually from 2008, where it was discovered that overly long DNS names being replied to requests from those servers could result in a tragic buffer overflow in the victims browser, potentially letting an attacker execute code remotely. It's even possible to perform a full-blow man-in-the-middle attack, taking over a machine completely. It can be triggered by already malicious DNS servers.
Thankfully a fix is already ready fro most distributions of Linux, which requires only a quick update to fix. If your server distro isn't running one, then you can configure your firewall to drop long DNS responses altogether, so no overflows happen. So the majority of the Internet is largely safe, but it still might effect smaller connected and embedded devices that have Glibc that likely won't see any updates with the patched version. Routers, DVR's, some TV's and even NAS devices might still and continue to be at risk.
- >> NEXT STORY: DOOM's Warpath multiplayer mode detailed in new blog post
- << PREVIOUS STORY: ProtoStar tech demo shows the future of mobile graphics, UE4, Vulkan