In other words, this “feature” can be exploited by an attacker to crash a remote service. For example, in order to exploit this, you must have a server that has a publicly accessible DNS A record. The attacker could then send a DNS query to that server that would trigger the vulnerability and crash the server. Depending on the nature of the service, this may or may not be a concern. For example, an online game is unlikely to have a problem with this. On the other end of the spectrum, a remote SSH server is likely to have a problem with this. Due to the lack of permissions, the attacker would be able to crash the server without any additional privileges from the user.

Exploiting DNS Forwarding

DNS forwarding is a feature that allows a server to resolve domains that are not explicitly permitted by the server. This is done with the use of forwarding zones in DNS. These zones allow for domains to be resolved by querying other servers and not the original server.
This vulnerability would allow an attacker to inject DNS queries into a remote service to target a particular victim. For example, an attacker could send a DNS query to the vulnerable server that causes it to make connections with remote servers such as SSH servers or database servers. If these connections are made without authentication, then the attacker can exploit this vulnerability and gain access to those services without any additional privileges from the user.

Conclusion

This vulnerability was found in many products in the wild that allow DNS forwarding and is a fairly easy exploit. It goes to show that you should always thoroughly test your products when they are released.

Timeline

Published on: 10/14/2022 19:15:00 UTC
Last modified on: 10/18/2022 19:05:00 UTC

References