CERT-In Vulnerability Note CIVN-2008-179
Vulnerability in the Solaris IP Filter Network Address Translation
Original Issue Date:
November 19, 2008
Severity Rating:
High
Systems Affected
- Solaris 10
- OpenSolaris based upon builds snv_01 through snv_95
Overview
A vulnerability has been reported in Sun Solaris IP Filter Network Address Translation (NAT) that may allow a remote unprivileged user to cause DNS cache poisoning.
Description
The vulnerability is caused by an error in the handling of DNS traffic and can be exploited to poison the DNS cache. The error is in IP Filter (ipfilter) when it is configured to provide Network Address Translation (NAT) service on DNS servers, and may allow remote unprivileged users to cause named to return incorrect addresses for Internet hosts, thereby redirecting end users to unintended hosts or services.
Solutions
Apply the appropriate patches as suggested by the vendor:
- SPARC Platform - patch 127888-11
- x86 Platform - patch 127889-11
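A check for the patch level listed above, added here as an example (not part of the original note or any vendor tooling). It assumes the usual `showrev -p` line layout ("Patch: ID-REV Obsoletes: ... Requires: ... Incompatibles: ... Packages: ...") and that a later revision, or a patch that obsoletes one, carries the fix; the sample lines and the 99999x patch IDs are constructed.

```shell
#!/bin/sh
# Added example: is the fix from this note (127888-11 / 127889-11) installed?
# patch_status reads `showrev -p` text on stdin so it can be checked offline.
AWK=${AWK:-awk}   # on Solaris 10 set AWK=nawk (POSIX awk needed)
MIN_REV=11        # minimum revision named in the note

# Map `uname -p` output to the patch base ID given in the note.
patch_base_for_arch() {
    case "$1" in
        sparc) echo 127888 ;;
        i386)  echo 127889 ;;
        *)     return 1 ;;
    esac
}

# Print FIXED/OUTDATED/MISSING for patch base $1; return 0 only when FIXED.
# A revision counts if it is installed directly or listed under "Obsoletes:"
# of another installed patch (assumption: that patch then carries the fix).
patch_status() {
    "$AWK" -v base="$1" -v min="$MIN_REV" '
    {
        want = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "Patch:" || $i == "Obsoletes:") { want = 1; continue }
            if ($i ~ /:$/) { want = 0; continue }   # Requires:, Packages:, ...
            if (!want) continue
            id = $i; sub(/,$/, "", id)
            if (split(id, p, "-") == 2 && p[1] == base) {
                seen = 1
                if (p[2] + 0 > max) max = p[2] + 0
            }
        }
    }
    END {
        if (!seen)         { printf "MISSING %s\n", base; exit 1 }
        if (max < min + 0) { printf "OUTDATED %s-%02d\n", base, max; exit 1 }
        printf "FIXED %s-%02d\n", base, max
    }'
}

# Constructed samples (999990/999991 and PKGexample are made-up placeholders).
SAMPLE_OLD='Patch: 999990-01 Obsoletes: Requires: Incompatibles: Packages: PKGexample
Patch: 127888-08 Obsoletes: Requires: 999990-01 Incompatibles: Packages: PKGexample'
SAMPLE_SUPERSEDED='Patch: 999991-02 Obsoletes: 127889-12, 999990-01 Requires: Incompatibles: Packages: PKGexample'
```

On a live Solaris 10 host, under ksh or bash: `showrev -p | patch_status "$(patch_base_for_arch "$(uname -p)")"`.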
Vendor Information
SUN
http://sunsolve.sun.com/search/document.do?assetkey=1-66-245206-1
References
Secunia
http://secunia.com/Advisories/32625/
FrSIRT
http://www.frsirt.com/english/advisories/2008/3129
AusCERT
http://www.auscert.org.au/render.html?it=10071
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003