Risk: Medium
A high-profile security research outfit in late May 2005 warned that a newly discovered flaw in the Domain Name System protocol could be exploited remotely to crash vulnerable servers.
The vulnerability, which carries a "moderate risk" rating, was flagged by the UK -based National Infrastructure Security Co-ordination Centre.
In a public advisory, the NISCC said the flaw exists in the recursion process used by some DNS implementations to decompress DNS messages. "Under certain circumstances, it is possible to cause the DNS server to terminate abnormally," the Centre said.
The DNS protocol, which handles the translation of domain names into IP addresses, is considered one of the Internet's most vital services and security-related hiccups can potentially be very disruptive.
However, in this case, the overall risk is minimised because the Internet Systems Consortium's BIND (Berkeley Internet Name Domain) is not considered vulnerable. BIND versions 8 and 9 are the most commonly used DNS servers on the Internet, especially on Unix-like systems, where it is a de facto standard.
Mike Poor, founder and senior security analyst at Intelguardians Network Intelligence LLC, downplayed the overall severity of the flaw but recommended patches for vulnerable DNS implementations.
"At this point it's a denial-of-service issue. If this vulnerability is found to be more widespread then currently thought, it could lead to outages if exploited," Poor told Ziff Davis Internet News.
According to the NISCC advisory, Microsoft provided the following response to the warning: "We have conducted an investigation of the issue you had reported. At this point, we have determined that the MS implementation of DNS is not affected."
At least one affected vendor, Cisco Systems Inc., has already released patches for multiple product lines.