Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Many DNS Servers Still Vulnerable To Attack

One-quarter of DNS servers are still not patched against cache poisoning, study says

More than six months after the discovery of security flaws in the Internet's core addressing system, many Domain Name System (DNS) servers are still open to attack, according to a study published today.

According to a report on DNS trends published by Infoblox and the Measurement Factory, approximately one in four DNS servers still does not perform source port randomization, the chief patch for the so-called "Kaminsky vulnerability" that was discovered by researcher Dan Kaminsky in the first half of last year and fully disclosed at the Black Hat conference in August.

"A surprising number have not been upgraded and are very vulnerable to cache poisoning," the report states.

The study, which took a sample of 5 percent of the Internet's IPv4 address space -- about 80 million addresses -- also showed that more than 40 percent of Internet name servers allow recursive queries, which is one of the design flaws that might enable attackers to abuse Internet address spaces for their own purposes. About 30 percent allow zone transfers to arbitrary requestors, another flaw that could lead to vulnerabilities such as those discovered by Kaminsky.

Only 0.002 percent of DNS zones in the test were found to support DNSSEC, which is widely viewed as a possible "next step" in reducing the effects of DNS security flaws. "Administrators have not been convinced of its importance -- perhaps intimidated by its complexity -- but new mandates could mean a significant change in the near future," the study says.

The researchers found that 90 percent of DNS server operators are running the most current version of BIND, and that reliance on the vulnerable Microsoft DNS Server has dropped to 0.17 percent. Adoption of IPv6, which is designed to provide greater security, continues to be slow, the study says. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
GDPR Enforcement Loosens Amid Pandemic
Seth Rosenblatt, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4306
PUBLISHED: 2020-05-29
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
CVE-2020-4352
PUBLISHED: 2020-05-29
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427.
CVE-2020-4490
PUBLISHED: 2020-05-29
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 1...
CVE-2020-5572
PUBLISHED: 2020-05-29
Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors.
CVE-2020-5573
PUBLISHED: 2020-05-29
Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors.