Dan Kaminsky’s DNS exploit released

A few weeks ago, Dan Kaminsky published information about a flaw in the DNS protocol that could allow attackers to compromise DNS records.

“We worked with vendors on a coordinated patch,” said Kaminsky, noting this is the first time such a coordinated multi-vendor synchronized patch release has ever been carried out. Microsoft, Sun, ISC’s DNS Bind, and Cisco have readied DNS patches, said Kamisnky

Today the exploit was released to the world, and is available on Metasploit.
http://www.caughq.org/exploits/CAU-EX-2008-0002.txt

No related posts.