OSVDB ID: 47234

Title: Blue Coat Multiple Product DNS Query ID Field Prediction Cache Poisoning

Info

Disclosure

Jul 14, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Blue Coat products contain a flaw that may allow a malicious user to poison a recursive DNS cache. The issue is triggered by a weakness in the algorithm used to generate random DNS transaction IDs, which combined with a static source port for all DNS queries can allow an attacker to spoof a DNS response packet. It is possible that the flaw may allow a remote attacker to poison a DNS cache resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Cryptographic, Input Manipulation, Race Condition
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Blue Coat has released several patches to address this vulnerability.

Products

Blue Coat Systems, Inc.

Director

4.2.2.3
5.2.2.4

PacketShaper

8.3.1
8.3.9

iShaper

8.3.1

ProxyRA

2.3.2.0

ProxySG

5.2.4.2
4.2.8.5

References

Credit

  • dan kaminsky - IOActive


Direct URL: http://osvdb.org/47234