DNS spoofing vulnerability

Chris Buxton cbuxton at menandmice.com
Fri Jul 11 16:11:25 PDT 2008


I assume most of you have heard about the recent BIND/MS DNS updates  
to somewhat address a new DNS spoofing attack vector discovered by Dan  
Kaminsky.

What you may not have heard is that the Unix stub resolver, part of  
glibc, is also vulnerable.

Does anyone know if/when glibc will be patched against this? Until it  
is, you should disable nscd (the stub resolver's caching daemon) if  
you're using it. (Also disable any other DNS caching routine you have  
running until the problem is addressed by the vendor - too bad Mac  
users really can't do this.) This will reduce your exposure, although  
not as much as using a patched stub resolver would.

Chris Buxton
Professional Services
Men & Mice
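
An added example, not part of the original post: a check for whether nscd is configured to cache host (DNS) lookups, plus a helper that writes a copy of the config with that cache turned off. It assumes the `enable-cache hosts` directive of nscd.conf(5), and that switching off only the hosts cache is an acceptable alternative to stopping the daemon; the function names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit nscd's hosts cache.

# Print "enabled" or "disabled" for the hosts cache in config file $1.
# Assumption: if the directive is repeated, the last occurrence is used.
# Per nscd.conf(5), a cache with no enable-cache line defaults to "no".
nscd_hosts_cache_state() {
    awk '
        { sub(/#.*/, "") }                        # drop comments
        $1 == "enable-cache" && $2 == "hosts" { state = $3 }
        END {
            if (state == "yes") print "enabled"
            else print "disabled"
        }
    ' "$1"
}

# Write a copy of config $1 to $2 with hosts caching explicitly off.
# Every active "enable-cache hosts ..." line is dropped and a single
# "enable-cache hosts no" is appended; all other lines are kept as-is.
nscd_disable_hosts_cache() {
    awk '
        { line = $0; sub(/#.*/, "", line); n = split(line, f, " ") }
        n >= 3 && f[1] == "enable-cache" && f[2] == "hosts" { next }
        { print }
        END { print "enable-cache hosts no" }
    ' "$1" > "$2"
}

# Demo on a constructed sample config (not taken from a real host).
demo=$(mktemp)
cat > "$demo" <<'EOF'
# enable-cache hosts no
enable-cache    passwd  yes
enable-cache    hosts   yes   # DNS answers are cached here
positive-time-to-live hosts 3600
EOF
echo "before: $(nscd_hosts_cache_state "$demo")"
nscd_disable_hosts_cache "$demo" "$demo.fixed"
echo "after:  $(nscd_hosts_cache_state "$demo.fixed")"
rm -f "$demo" "$demo.fixed"
```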




More information about the hlfs-dev mailing list