Critical DNS flaw found, allows attackers to get full control

A critical DNS bug affects almost the entire Internet, though a fix is already out or on the way for most DNS software configurations.

@wesjanson99
Published Mon, Feb 22 2016 3:59 PM CST   |   Updated Sat, Aug 8 2020 10:29 AM CDT

The DNS system that forms the backbone of the Internet, resolving those names into the numbers that correspond to the actual websites we visit, has a critical flaw that effects nearly all DNS servers. That is, any server that runs Linux and relies on the GNU C standard library. A flaw in that library could case a buffer overflow, which might allow an attacker to take full control over someone's PC.

Critical DNS flaw found, allows attackers to get full control  | TweakTown.com

The flaw itself is actually from 2008, where it was discovered that overly long DNS names being replied to requests from those servers could result in a tragic buffer overflow in the victims browser, potentially letting an attacker execute code remotely. It's even possible to perform a full-blow man-in-the-middle attack, taking over a machine completely. It can be triggered by already malicious DNS servers.

Thankfully a fix is already ready fro most distributions of Linux, which requires only a quick update to fix. If your server distro isn't running one, then you can configure your firewall to drop long DNS responses altogether, so no overflows happen. So the majority of the Internet is largely safe, but it still might effect smaller connected and embedded devices that have Glibc that likely won't see any updates with the patched version. Routers, DVR's, some TV's and even NAS devices might still and continue to be at risk.

NEWS SOURCE:boingboing.net

Jeff grew up in the Pacific Northwest where he fell in love with gaming and building his own PC’s. He's a huge fan of any genre of gaming from RTS to FPS, but especially favors space-sims. Now he's stepped into the adult world by becoming a professional student looking to break into the IT Security world. When he’s not deep in his studies, he’s deep in a new game, revisiting an old game, or testing the extreme limits of his own PC. He's now a news contributor for TweakTown, looking to bring a unique view on technology and gaming.

Related Tags

Newsletter Subscription

Latest News

View More News

Latest Reviews

View More Reviews

Latest Articles

View More Articles