Name DNS Cache Poisoning
Summary A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An attacker modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the attacker specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Attackers can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.
Prerequisites Client applications must trust the corrupted cashed values and utilize them for their domain name resolutions.
Solutions Configuration: Make sure your DNS servers have been updated to the latest versions Configuration: UNIX services like rlogin, rsh/rcp, xhost, and nfs are all susceptible to wrong information being held in a cache. Care should be taken with these services so they do not rely upon DNS caches that have been exposed to the Internet. Configuration: Disable client side DNS caching.
Related Weaknesses
CWE ID Description
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-348 Use of Less Trusted Source
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')
Back to Top