Initial Publication Date: 14 Jul 2008
Advisory Status: Closed
Advisory Severity: Low
Legacy ID:
Multiple DNS implementations are vulnerable to a spoofing attack, as described in the above vulnerability note and its associated references. The vulnerability allows an attacker to send spoofed DNS replies that the DNS resolver accepts as genuine, which gives the attacker control over the name-to-address resolution process.
Blue Coat Systems products are affected as listed below.
A successful attack requires the attacker to send a stream of spoofed DNS responses to the attacked device, and in many cases network configuration can limit that ability. For example, configuring the device to resolve names by forwarding to a name server that is not itself vulnerable reduces exposure significantly: a resolver that forwards only accepts replies that appear to come from its configured name server, so the attacker would have to spoof packets with that server's source address and port, which may require access to the internal network. Note that this only shifts the risk to the forwarder; the configured name server must itself be patched or otherwise not vulnerable.
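The following is an added example, not Blue Coat code, illustrating the point above: a stub resolver that forwards to a single configured name server discards any reply that does not match the configured server's address and port, the transaction ID and source port of an outstanding query, and the question that was asked. The wire format is RFC 1035; the resolver class, the sample addresses (192.0.2.53 as the configured name server, 203.0.113.1 as the spoofer) and the constructed replies are assumptions made for the example, and no network traffic is sent.

```python
"""Reply-matching checks a forwarding stub resolver applies before trusting a DNS answer.

Added example (not Blue Coat code). Constructed messages, no compression pointers,
no network access. Hypothetical class and sample addresses for illustration.
"""
import secrets
import struct

QTYPE_A = 1


def normalize(name):
    """Canonical form for comparing owner names: no trailing dot, lower case."""
    return name.rstrip(".").lower()


def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(buf, off):
    """Read an uncompressed name at off; return (name with trailing dot, new off)."""
    labels = []
    while True:
        n = buf[off]
        if n == 0:
            return ".".join(labels) + ".", off + 1
        if n & 0xC0:
            raise ValueError("compression pointers are not used in this example")
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n


def build_message(txid, qname, qtype, answers=(), response=False):
    """Build a query (no answers) or a response carrying A records from `answers`."""
    flags = 0x8180 if response else 0x0100          # QR|RD|RA for responses, RD for queries
    msg = struct.pack(">HHHHHH", txid, flags, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack(">HH", qtype, 1)   # question, class IN
    for ip in answers:
        rdata = bytes(int(x) for x in ip.split("."))
        msg += encode_name(qname) + struct.pack(">HHIH", QTYPE_A, 1, 300, 4) + rdata
    return msg


def parse_message(buf):
    """Parse header, question and answer section of a constructed message."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", buf[:12])
    off = 12
    qname, off = decode_name(buf, off)
    qtype, _qclass = struct.unpack(">HH", buf[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(buf, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", buf[off:off + 10])
        off += 10
        rdata = buf[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and normalize(name) == normalize(qname):
            answers.append(".".join(str(b) for b in rdata))
    return {"txid": txid, "response": bool(flags & 0x8000),
            "qname": qname, "qtype": qtype, "answers": answers}


class StubResolver:
    """Forwards every query to one configured name server and accepts a reply only
    when source address, source port, destination port, TXID and question all match."""

    def __init__(self, upstream_ip):
        self.upstream = upstream_ip
        self.pending = {}           # (txid, our source port) -> (qname, qtype)

    def send_query(self, qname, qtype=QTYPE_A):
        txid = secrets.randbelow(1 << 16)               # random 16-bit transaction ID
        sport = 1024 + secrets.randbelow(64512)         # random ephemeral source port
        self.pending[(txid, sport)] = (normalize(qname), qtype)
        return txid, sport, build_message(txid, qname, qtype)

    def receive(self, wire, src_ip, src_port, dst_port):
        """Return the accepted A records, or None if the reply must be discarded."""
        if src_ip != self.upstream or src_port != 53:
            return None                                 # not from the configured server
        reply = parse_message(wire)
        if not reply["response"]:
            return None
        key = (reply["txid"], dst_port)
        if self.pending.get(key) != (normalize(reply["qname"]), reply["qtype"]):
            return None                                 # no matching outstanding query
        del self.pending[key]
        return reply["answers"]


def demo():
    """Constructed traffic: two spoof attempts and the genuine reply for one query."""
    r = StubResolver("192.0.2.53")
    txid, sport, _query = r.send_query("www.example.com")
    genuine = build_message(txid, "www.example.com", QTYPE_A, ["192.0.2.10"], response=True)
    wrong_txid = build_message((txid + 1) % 65536, "www.example.com", QTYPE_A,
                               ["203.0.113.66"], response=True)
    return {
        "spoof_wrong_txid": r.receive(wrong_txid, "192.0.2.53", 53, sport),
        "spoof_wrong_source": r.receive(genuine, "203.0.113.1", 53, sport),
        "genuine": r.receive(genuine, "192.0.2.53", 53, sport),
    }


if __name__ == "__main__":
    print(demo())
```

The second spoof attempt carries a correct TXID and port and is still rejected, because it does not come from the configured name server's address; that is the restriction the forwarding configuration imposes on an off-path attacker. The first attempt shows why a spoofer without that knowledge must send many guesses, and why a small ID space or a fixed source port lowers that cost.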
In addition, some products use DNS in ways that limit the effect of a spoofed response. These are noted in the sections for the individual products below.
Note that, at the time of this advisory, details of the attack discovered by Dan Kaminsky have not been released, so it is difficult to assess the actual risk to a particular product. Note also that the vulnerability assessment tool at www.doxpara.com reports on the DNS client that actually sends the queries over the Internet. If a Blue Coat Systems product is configured to resolve through another DNS server, the tool assesses that server's vulnerability, not the product's own resolver.