Google & Red Hat discover critical DNS security flaw that enables malware to infect entire internet
23 replies, posted
[quote]Google and enterprise software firm Red Hat have discovered a critical security flaw affecting the Internet's Domain Name System (DNS), found in a universally used protocol. This means an attacker could use it to infect almost everything on the entire internet. With the flawed code spread far and wide, it will likely take years of effort to patch the bug.[/quote]
[url]http://www.ibtimes.co.uk/google-red-hat-discover-critical-dns-security-flaw-that-enables-malware-infect-entire-internet-1545687[/url]
EDIT- Better source courtesy of Jelman below - [url]http://thehackernews.com/2016/02/glibc-linux-flaw.html?m=1[/url]
Fun fact: the last time DNS had a problem like this it took 10 years to fix.
holy crap this is big
Not a very informative article. What causes it, and how do server managers fix it, if applicable to non-professional owners?
[quote]The buffer overflow would then make it possible for an attacker to remotely execute code[/quote]
I swear to fucking god it's always a fucking buffer overflow that causes most security bugs.
[QUOTE=Giraffen93;49810610]Not a very informative article. What causes it, and how do server managers fix it, if applicable to non-professional owners?[/QUOTE]
Well from what I understood, there's no real fix for it yet, plus saying what causes it would most likely give people the means to replicate it and cause damage with it
So why are they reporting on it then? If there's an error this big, don't we want hackers not knowing about it?
[QUOTE=mcgrath618;49810641]So why are they reporting on it then? If there's an error this big, don't we want hackers not knowing about it?[/QUOTE]
It's important to report the severity so people will update to fix the bug when the patch gets out.
Title is fucking sensationalist as fuck "Entire internet"
lmao what's this bullshit
[url]http://thehackernews.com/2016/02/glibc-linux-flaw.html?m=1[/url]
Here's an article that goes into more detail
fucking hell, fixing this will be a real pain
i'm still on old debian versions that will break stuff when upgrading, nobody specifies what specific package to upgrade, and on one of the servers, / is too small, so i can't even upgrade anything on that one
[QUOTE=~Kiwi~v2;49810647]They haven't stated how it's done.
Only that it exists.[/QUOTE]
[quote]The security vulnerability works by tricking browsers into looking up suspicious domains, which causes servers to reply with DNS names that are far too long, thus causing a buffer overflow in the victim's software.[/quote]
So until the patch is rolled out onto all Linux distros and safe recompiles of everything that used glibc, they say one way to mitigate this/prevent exploitation is to limit DNS reply sizes:
[QUOTE]Meanwhile, you can help prevent exploitation of the flaw, if you aren’t able to immediately patch your instance of glibc, by limiting all TCP DNS replies to 1024 bytes, and dropping UDP DNS packets larger than 512 bytes.[/QUOTE]
Is this something I could do in iptables or where?
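The size limits quoted above, written as the check a filtering proxy or IDS sensor would apply (an added example, not part of any post in this thread and not taken from glibc or either article). The names `check_udp` and `TcpReplyFilter` are hypothetical; the 2-byte length prefix is standard DNS-over-TCP framing, which is why the TCP limit needs stream-aware inspection rather than a per-packet size match.

```python
import struct

UDP_MAX = 512    # limit quoted in the thread for UDP DNS packets
TCP_MAX = 1024   # limit quoted in the thread for TCP DNS replies


def check_udp(payload: bytes) -> str:
    """Verdict for one UDP datagram payload arriving from port 53."""
    return "drop" if len(payload) > UDP_MAX else "pass"


class TcpReplyFilter:
    """Inspects the resolver-to-client half of one TCP connection.

    DNS over TCP prefixes every message with a 2-byte big-endian length
    (RFC 1035, section 4.2.2), so an oversized reply can be rejected as soon
    as its prefix arrives, before the body is buffered or forwarded.
    """

    def __init__(self):
        self.buf = b""
        self.blocked = False

    def feed(self, segment: bytes) -> list:
        """Feed stream bytes; return one verdict per message decided."""
        if self.blocked:
            return ["drop"]          # connection already condemned
        verdicts = []
        self.buf += segment
        while len(self.buf) >= 2:
            (declared,) = struct.unpack("!H", self.buf[:2])
            if declared > TCP_MAX:
                self.blocked = True  # caller should reset the connection
                self.buf = b""
                verdicts.append("drop")
                break
            if len(self.buf) < 2 + declared:
                break                # wait for the rest of this message
            self.buf = self.buf[2 + declared:]
            verdicts.append("pass")
        return verdicts


def demo() -> list:
    # Constructed sample: a 100-byte reply split across two segments,
    # followed by a reply whose prefix declares 2048 bytes.
    f = TcpReplyFilter()
    small = struct.pack("!H", 100) + bytes(100)
    out = f.feed(small[:40]) + f.feed(small[40:])
    return out + f.feed(struct.pack("!H", 2048) + bytes(10))
```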
[QUOTE=Reagy;49810628]I swear to fucking god it's always a fucking buffer overflow that causes most security bugs.[/QUOTE]
Easiest kind of bug to create tbh. Especially if you're doing that ~optimisation~~ shit and just start assuming things about the data. It does make me wonder how many other buffer overflow vectors common protocols might have, we've found a shitload recently.
[QUOTE=Reagy;49810628]I swear to fucking god it's always a fucking buffer overflow that causes most security bugs.[/QUOTE]
That's because there's so many ways to do it and so many ways to exploit it and it's not necessarily easy to fix
[editline]25th February 2016[/editline]
[QUOTE=hexpunK;49812232]Easiest kind of bug to create tbh. Especially if you're doing that ~optimisation~~ shit and just start assuming things about the data. It does make me wonder how many other buffer overflow vectors common protocols might have, we've found a shitload recently.[/QUOTE]
Well I know for a fact that proprietary protocols are rife with these, just look at the people that managed to hack into BMWs remotely to get the ability to make them crash from the damn internet. That's spooky.
Hasn't this already been patched? I'm sure I had to update glibc for this a few days ago.
[editline]25th February 2016[/editline]
[url]https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.7[/url]
[QUOTE=Shocky;49812578]Hasn't this already been patched? I'm sure I had to update glibc for this a few days ago.
[editline]25th February 2016[/editline]
[url]https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.7[/url][/QUOTE]
It's been patched, but now those patches have to actually be installed, which is the long part. Many systems don't get updated frequently, if at all.
[QUOTE=mcgrath618;49810641]So why are they reporting on it then? If there's an error this big, don't we want hackers not knowing about it?[/QUOTE]
Assume an exploit is already known about+in active use.
A buffer overflow exploit would imply it only affects a certain kind of DNS server. Although regardless, raising awareness is important.
[QUOTE=mcgrath618;49810641]So why are they reporting on it then? If there's an error this big, don't we want hackers not knowing about it?[/QUOTE]
Security through obscurity is not security. Also, how are you going to tell people to patch their shit without disclosing the vulnerability, especially in an open source library, that anyone can see?
[QUOTE=Jelman;49810656]Title is fucking sensationalist as fuck "Entire internet"
lmao what's this bullshit
[url]http://thehackernews.com/2016/02/glibc-linux-flaw.html?m=1[/url]
Here's an article that goes into more detail[/QUOTE]
Thanks for the better article, was in a rush when posting. This kind of news gives someone in my line of work hasty skidmarks.