
The "KeyTrap" DNS vulnerability

source link: https://lwn.net/Articles/962924/

The "KeyTrap" DNS vulnerability

[Posted February 20, 2024 by corbet]

DNSSEC-validating DNS resolvers are almost uniformly vulnerable to a denial-of-service attack that has been named "KeyTrap". In short, a single specially crafted DNS response can force a resolver into an enormous amount of signature-validation work, something close to an infinite loop, effectively taking it out of service.

With just a single DNS packet, hackers could paralyze all common DNS implementations and public DNS providers. Exploiting this attack would have serious consequences for any application that uses the internet, including the unavailability of technologies such as web browsers, email and instant messaging. This devastating effect prompted major DNS vendors to call KeyTrap "The worst attack on DNS ever discovered".
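Why one response can cost so much is worth seeing in code. The model below is an added example written for this page; it is not code from the LWN item, from the KeyTrap researchers, or from any resolver. It implements the RFC 4034 Appendix B key-tag checksum, shows that minting many distinct DNSKEYs with one shared tag is a trivial brute force, and counts how many signature checks a validator must attempt when every RRSIG points at that tag and none of the signatures verify. The DNSKEY and RRSIG records are constructed inline (the key bodies are hash output, not real ECDSA points, since only key selection is exercised); the helper names and the target tag 0xBEEF are this example's own choices.

```python
"""Why one KeyTrap response is so expensive: a small model of DNSSEC key-tag
matching.  Added example, not code from the LWN item or from any resolver.

A validator picks the DNSKEYs whose algorithm and 16-bit key tag (RFC 4034,
Appendix B) match an RRSIG and tries each one until a signature verifies.
The key tag is a plain checksum, so an attacker can mint many distinct keys
that all share one tag; with bogus signatures, every (key, signature) pair
is tried and fails.  Key count times signature count is the bill.
"""
from dataclasses import dataclass
import hashlib

ALG_ECDSAP256SHA256 = 13   # RFC 8624 algorithm number; 64-byte public key


def _raw_sum(rdata: bytes) -> int:
    # Even-indexed bytes are the high half of a 16-bit word, odd ones the low half.
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    return ac


def _fold(ac: int) -> int:
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag of a DNSKEY RDATA (flags, protocol,
    algorithm, public key).  Algorithm 1 (RSA/MD5) uses a different rule
    and is not handled here."""
    return _fold(_raw_sum(rdata))


@dataclass(frozen=True)
class DNSKEY:
    flags: int
    protocol: int
    algorithm: int
    public_key: bytes

    def rdata(self) -> bytes:
        return self.flags.to_bytes(2, "big") + bytes([self.protocol, self.algorithm]) + self.public_key

    def tag(self) -> int:
        return key_tag(self.rdata())


@dataclass(frozen=True)
class RRSIG:
    algorithm: int
    key_tag: int          # only the fields that drive key selection are modelled


def forge_key_with_tag(flags, protocol, algorithm, key_body, target):
    """Append two bytes to key_body so the DNSKEY's key tag equals target.

    Brute force over the 65536 two-byte suffixes.  With the fold above every
    target is reachable except target == raw_sum >> 16, which for keys
    shorter than a few kilobytes is a small number (well below 100), so any
    target far above that is guaranteed to be hit.
    """
    prefix = DNSKEY(flags, protocol, algorithm, key_body).rdata()
    base = _raw_sum(prefix)
    n = len(prefix)                      # index the first appended byte will get
    for v in range(1 << 16):
        x, y = v >> 8, v & 0xFF
        contrib = ((x << 8) + y) if n % 2 == 0 else (x + (y << 8))
        if _fold(base + contrib) == target:
            return DNSKEY(flags, protocol, algorithm, key_body + bytes([x, y]))
    raise ValueError("target tag not reachable with a two-byte suffix")


def candidate_keys(keys, sig):
    """The DNSKEYs a validator must try for one RRSIG (RFC 4035, 5.3.1)."""
    return [k for k in keys if k.algorithm == sig.algorithm and k.tag() == sig.key_tag]


def worst_case_validations(keys, sigs):
    """Signature checks attempted when no pair verifies, i.e. all are bogus."""
    return sum(len(candidate_keys(keys, s)) for s in sigs)


def build_colliding_rrset(n_keys, n_sigs, tag=0xBEEF):
    """Constructed attacker zone: n_keys distinct DNSKEYs sharing one tag and
    n_sigs RRSIGs pointing at that tag.  Key bodies are SHA-256 output padded
    to the 64-byte length of a P-256 key, not real curve points."""
    keys = []
    for i in range(n_keys):
        body = (hashlib.sha256(b"keytrap-demo-%d" % i).digest() * 2)[:62]  # + 2 forced bytes = 64
        keys.append(forge_key_with_tag(256, 3, ALG_ECDSAP256SHA256, body, tag))
    sigs = [RRSIG(ALG_ECDSAP256SHA256, tag) for _ in range(n_sigs)]
    return keys, sigs


if __name__ == "__main__":
    honest_keys, honest_sigs = build_colliding_rrset(1, 1)
    print("ordinary zone:", worst_case_validations(honest_keys, honest_sigs), "check")
    keys, sigs = build_colliding_rrset(32, 32)
    print("colliding tags:", len({k.tag() for k in keys}), "distinct tag(s) across", len(keys), "keys")
    print("keytrap-style zone:", worst_case_validations(keys, sigs), "checks from one response")
```

An honest zone costs one check per RRSIG; the colliding set costs keys times signatures, and each check is a full public-key operation, which is what turns one response into minutes of CPU time. The general fix shipped by resolver vendors is to cap how many (key, signature) combinations a validator will try for one RRset before declaring it bogus, rather than to change the key-tag scheme, so a patched resolver running this input would stop after a small, fixed number of attempts.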

Some more information and pointers to updates can be found on the CVE-2023-50387 page; some distributors have been faster to get updates out than others.

(Thanks to Dave Täht).



