A large number of major vendors are issuing patches to repair a newly discovered vulnerability that could allow hackers to redirect traffic across the Internet.
Dan Kaminsky, director of penetration testing at IOActive, revealed a “design flaw” he discovered in the core protocols used by the Domain Name System (DNS), which is used for IP addressing and query routing across the Internet. Although there are no exploits in the wild, the vulnerability could potentially be used to hijack Web sessions remotely and route them to another server.
Kaminsky shared his find with 16 vendors — including the major makers of DNS servers, such as Cisco, Microsoft, Sun, and open source operating systems — back in March, suggesting that each vendor create a patch for the problem.
Kaminsky has released a DNS checking tool that allows users to find out if their DNS servers are subject to the vulnerability. Client systems could potentially be vulnerable, but operating system vendors and Internet service providers will likely have distributed automatic patches before client systems can be widely affected, Kaminsky said.