Researchers at Finland's University of Oulu have discovered multiple flaws in the software used for administering the Internet's DNS (domain name system).
Exploiting the vulnerabilities could "cause a variety of outcomes," including crashing the DNS server or possibly enabling attackers to run unauthorized software, according to an advisory that the U.K.'s National Infrastructure Security Co-ordination Centre posted today.
Oulu researchers have created a DNS test suite to use in testing for these vulnerabilities; and a number of DNS software providers, including Juniper Networks and the Internet Software Consortium, have confirmed that some of their products are vulnerable.
Some Not Considered Critical
The bug found in the Internet Software Consortium's BIND (Berkeley Internet Name Domain) software is "not considered high-risk," the group said. Hitachi and Wind River Systems have said that their products are not affected.
Microsoft, Cisco Systems, and Sun Microsystems are testing their products and could not immediately say whether customers would be affected.
Collectively the world's DNS servers manage the Internet's system for converting easy-to-remember Internet addresses, like Google.com, into the unique IP (Internet Protocol) addresses that machines use.
These servers have come under increasing scrutiny because recent attacks have shown how attackers might compromise the DNS system to bring down a large number of Web sites. PC World has addressed parts of the problem in our Web of Crime Series.
Last month, VeriSign revealed that unknown attackers had used compromised computers and DNS servers to launch a denial-of-service attack against about 1500 organizations.
Shortly after that assault was publicized, hackers attacked DNS servers at Network Solutions, and Joker.com, a domain-name registrar based in Germany. Both of these events ended up disrupting service to customers.