Subj : The "KeyTrap" DNS vulnerability
To   : All
From : LWN.net
Date : Tue Feb 20 2024 19:15:05

Date: Tue, 20 Feb 2024 19:01:07 +0000

Description:
DNS resolvers (those that handle DNSSEC, at least) are almost uniformly vulnerable to an exploit that has been named "KeyTrap". In short, the right type of packet can send a DNS system into something close to an infinite loop, taking it out of service indefinitely.

With just a single DNS packet, hackers could paralyze all common DNS implementations and public DNS providers. Exploiting this attack would have serious consequences for any application that uses the internet, including the unavailability of technologies such as web browsers, email and instant messaging. This devastating effect prompted major DNS vendors to call KeyTrap "The worst attack on DNS ever discovered".

Some more information and pointers to updates can be found on the CVE-2023-50387 page; some distributors have been faster to get updates out than others. (Thanks to Dave Täht).

======================================================================
Link to news story:
https://lwn.net/Articles/962924/

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)