Jan
7
2009

Cisco Global Site Selector Appliances DNS Vulnerability

The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS.

Cisco has released free software updates that address this vulnerability.

A workaround that mitigates this vulnerability is available.

Vulnerable Products
The following GSS products are affected by this vulnerability:

  • Cisco GSS 4480 Global Site Selector
  • Cisco GSS 4490 Global Site Selector
  • Cisco GSS 4491 Global Site Selector
  • Cisco GSS 4492R Global Site Selector

Details
The Cisco GSS platform allows customers to leverage global content deployment across multiple distributed and mirrored data locations, optimizing site selection, improving Domain Name System (DNS) responsiveness, and ensuring data center availability.

The GSS is inserted into the traditional DNS hierarchy and is closely integrated with the Cisco CSS, Cisco Content Switching Module (CSM), or third-party server load balancers (SLBs) to monitor the health and load of the SLBs in customers data centers. The GSS uses this information and user-specified routing algorithms to select the best-suited and least-loaded data center in real time.

A vulnerability exists in the GSS when processing a specific sequence of DNS requests. An exploit of the vulnerability may result in a crash of the DNS service on the GSS.

When the DNS server crashes, an error message will appear in the logs similar to the following example:

Dec 18 04:47:21 gss NMR-6-LAUNCHSVR_EXIT[27261] dnsserver’ has exited [ExitUnknown(139)]”
This vulnerability is documented in Cisco Bug ID: CSCsj70093 ( registered customers only)

This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-3819.

Impact
Successful exploitation of the vulnerability may result in a crash of the GSS DNS service. Repeated exploitation may result in a sustained denial of service (DoS) attack.

More info on http://www.cisco.com/…/products_security_advisory09186a0080a57481.shtml