Researchers at the University of Oulu (Finland) have discovered multiple vulnerabilities in Internet Domain Name System (DNS) management software. Cisco, Microsoft, and Sun Microsystems are currently investigating whether their customers have been affected.
These vulnerabilities could be exploited by hackers to “create various troubles,” such as disrupting DNS servers or facilitating the installation of unauthorized software by cybercriminals.
The experts from Oulu have released a testing suite for detecting these vulnerabilities, and several DNS management tool providers, including Juniper Networks and the Internet Software Consortium (ISC), have also acknowledged that some of their products have been compromised. However, the vulnerabilities in ISC’s BIND (Berkeley Internet Name Domain) software are assessed as “not critical.” Meanwhile, Hitachi and Wind River have stated that they are not affected.
DNS servers are being closely monitored due to recent attacks that have demonstrated their susceptibility to being controlled to take down multiple websites simultaneously.
Last month, the Internet service company VeriSign (USA) reported that a group of cybercriminals had seized computers and domain name servers to carry out Distributed Denial of Service (DDoS) attacks against approximately 1,500 organizations. Following this incident, hackers continued to “bombard” the DNS servers of Network Solutions (USA) and Joker.com (Germany).
T.N.
