Improper input validation bug in the DNS resolver component of knot-resolver before 2.4.1 allows a remote attacker to poison the cache. References: https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html
Acknowledgments:
Name: Petr Spacek, the CZ.NIC team
Upstream: Marek Vavruza
[Affected version (required)]: Knot Resolver <= 2.4.0
[Fixed version (optional)]: Knot Resolver 2.4.1
[Vulnerability type (required)]: CWE-20: Improper Input Validation
[Affected component (required)]: resolver
[Impact of exploitation (required)]: Under certain circumstances this bug allows an attacker to hijack DNS domains.
[Description of vulnerability]: Improper input validation bug in the DNS resolver component of Knot Resolver allows a remote attacker to poison the cache. To execute this attack the attacker has to have:
+ access to a rogue authoritative server, and
+ the ability to trigger a query from the resolver under attack to the authoritative server under the attacker's control.
For successful exploitation the data used to poison the cache need to match certain criteria which we decided not to disclose at the moment.
Please note that "classical" DNS answer spoofing is going to be very hard because Knot Resolver randomizes ports, query ID, and query name capitalization - i.e. a plain Kaminsky attack will be difficult. This is why the attacker needs to control an authoritative server.
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): High
Availability (A): None
Technical Details: CWE-20
Acknowledgment: CZ.NIC would like to thank Marek Vavrusa for reporting this issue.
[Reference URL 1 (required)]: https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html