A newly disclosed security vulnerability in the DNS system could leave providers at risk of attacks on their servers.
Keyu Man, Xin'an Zhou and Zhiyun Qian of the University of California, Riverside said in a recently published paper that attackers who exploit the vulnerability could insert themselves into the connection between the DNS resolver and the nameserver, and from there change the IP addresses that various web domains resolve to. The research on the vulnerability, designated CVE-2021-20322, was presented Wednesday at the ACM Conference on Computer and Communications Security in South Korea.
Central to the attack is the way Linux servers handle the Internet Control Message Protocol (ICMP) packets associated with DNS queries. The academic research team found that this behavior could be used to infer the UDP source port the resolver uses for its query to the nameserver, a value that is otherwise randomized and extremely difficult to guess.
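Because the randomized UDP source port is the secret the attack tries to recover, one basic check a resolver operator can run is to confirm that outbound queries really do use unpredictable ports. The script below is an added example, not code from the article or from the researchers' paper: it parses a handful of constructed tcpdump-style capture lines (the addresses and ports are made up), extracts the source port of each query to port 53, and flags a resolver whose ports repeat or increase sequentially. The port-entropy and sequential-step thresholds are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

# Constructed tcpdump-style lines: resolver 10.0.0.2 querying nameserver 192.0.2.53.
RANDOMIZED_CAPTURE = """\
12:00:01.000 IP 10.0.0.2.51234 > 192.0.2.53.53: 1001+ A? example.test. (31)
12:00:01.010 IP 10.0.0.2.40211 > 192.0.2.53.53: 1002+ A? example.test. (31)
12:00:01.020 IP 10.0.0.2.60987 > 192.0.2.53.53: 1003+ A? example.test. (31)
12:00:01.030 IP 10.0.0.2.33120 > 192.0.2.53.53: 1004+ A? example.test. (31)
12:00:01.040 IP 10.0.0.2.49877 > 192.0.2.53.53: 1005+ A? example.test. (31)
12:00:01.050 IP 10.0.0.2.58001 > 192.0.2.53.53: 1006+ A? example.test. (31)
"""

# Same traffic, but the resolver walks through ports one at a time (constructed).
SEQUENTIAL_CAPTURE = """\
12:00:01.000 IP 10.0.0.2.32768 > 192.0.2.53.53: 1001+ A? example.test. (31)
12:00:01.010 IP 10.0.0.2.32769 > 192.0.2.53.53: 1002+ A? example.test. (31)
12:00:01.020 IP 10.0.0.2.32770 > 192.0.2.53.53: 1003+ A? example.test. (31)
12:00:01.030 IP 10.0.0.2.32771 > 192.0.2.53.53: 1004+ A? example.test. (31)
12:00:01.040 IP 10.0.0.2.32772 > 192.0.2.53.53: 1005+ A? example.test. (31)
12:00:01.050 IP 10.0.0.2.32773 > 192.0.2.53.53: 1006+ A? example.test. (31)
"""

# Matches "IP <src-ip>.<src-port> > <dst-ip>.53:" and captures the source port.
QUERY_RE = re.compile(r"IP \d+\.\d+\.\d+\.\d+\.(\d+) > \d+\.\d+\.\d+\.\d+\.53:")


def source_ports(capture: str) -> list[int]:
    """Return the UDP source port of every outbound query to port 53, in order."""
    return [int(m.group(1)) for line in capture.splitlines() if (m := QUERY_RE.search(line))]


def port_entropy_bits(ports: list[int]) -> float:
    """Shannon entropy of the observed port values, in bits (higher is better)."""
    counts = Counter(ports)
    n = len(ports)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_sequential(ports: list[int], max_step: int = 1) -> bool:
    """True if each port is within max_step of the previous one (predictable allocation)."""
    return len(ports) > 1 and all(abs(b - a) <= max_step for a, b in zip(ports, ports[1:]))


def audit_source_ports(capture: str) -> dict:
    """Summarize whether the resolver's source ports look randomized.

    A port set is treated as randomized when no port repeats and the sequence
    is not a simple increment; both thresholds are illustrative assumptions.
    """
    ports = source_ports(capture)
    unique = len(set(ports))
    return {
        "queries": len(ports),
        "unique_ports": unique,
        "entropy_bits": round(port_entropy_bits(ports), 2),
        "sequential": looks_sequential(ports),
        "randomized": unique == len(ports) and not looks_sequential(ports),
    }


if __name__ == "__main__":
    for name, capture in (("randomized", RANDOMIZED_CAPTURE), ("sequential", SEQUENTIAL_CAPTURE)):
        print(name, audit_source_ports(capture))
```

On a real resolver the capture would come from `tcpdump` on the egress interface; a finding of `sequential: True` or repeated ports means the resolver has surrendered the very secret this vulnerability tries to infer, so the port randomization itself would need fixing before the kernel-level ICMP behavior even matters.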