In the world of cybersecurity, staying up-to-date with the latest vulnerabilities and potential threats is essential. Today, we will be discussing a critical vulnerability called CVE-2024-24788, which can affect a wide range of systems and applications relying on DNS (Domain Name System) for resolving domain names into corresponding IP addresses. This vulnerability arises from a malformed DNS message in the response to a query, leading to the Lookup functions getting caught in an infinite loop.

The Issue: Malformed DNS Message in Lookup Functions

Before going into the details, let's do a quick recap of how DNS Lookup functions work. When you enter a domain name (like www.example.com) into your web browser, the browser sends a query to a DNS resolver to translate the domain name into an IP address (like 192..2.1). The DNS resolver then communicates with various DNS servers to locate the domain's IP address and returns it to the browser. Finally, the browser establishes a connection with the server hosting the website associated with the domain name in question.

Now, CVE-2024-24788 exploits the DNS Lookup functions by sending an intentionally malformed DNS message in response to the resolver's query. Due to this malformed response, the resolver gets stuck in an infinite loop, making it impossible for the browser to establish a connection with the website. As a result, the affected systems become unresponsive or slow down significantly.

The Exploit: Diving into the Infinite Loop

To better understand the exploit, let's break down the main components of the vulnerability. A typical DNS message consists of a header, question section, answer section, authoritative section, and additional section. The header contains metadata about the message, while the other sections contain the actual content of the message.

The vulnerability arises when an attacker sends a spoofed DNS message with a cyclic reference between the additional and authoritative sections. This type of message forces the resolver to refer back to the authoritative server infinitely, causing it to enter an infinite loop.

Here's a code snippet that demonstrates how the infinite loop can be created

def dns_lookup(query, resolver):
    response = resolver.send_request(query)
    
    while True:
        additional_section = response.get_additional_section()
        for record in additional_section:
            if record.type == "cyclic_reference":
                authoritative_section = response.get_authoritative_section()
                for auth_record in authoritative_section:
                    if auth_record.name == record.name:
                        response = resolver.send_request(auth_record)
                        break
                break

        else:
            break

    return response

In this code snippet, we see that as long as there is a cyclic reference present in the DNS message, the dns_lookup method keeps sending requests to the resolver and cannot break the loop.

The discovery of this vulnerability was published by the following researchers

- Vulnerability disclosure - Find the original report that highlights the issue and its significance.
- Technical analysis - Dive deeper into the technical aspects of the vulnerability and how it affects the DNS Lookup functions.

Additionally, the Internet Systems Consortium (ISC) released an official security advisory with more information about this vulnerability and how to mitigate it: ISC Security Advisory

Conclusion

In closing, CVE-2024-24788 poses a severe threat to systems and applications relying on DNS. To prevent potential attacks, it is crucial for administrators and developers to understand this vulnerability and implement appropriate mitigations and preventative measures. Stay informed about this and other security risks to protect your systems and data from harm.

Timeline

Published on: 05/08/2024 16:15:08 UTC
Last modified on: 06/14/2024 13:15:50 UTC