>

Automatic DNS registration and proxy autodiscovery allow spoofing of network services

Categories: Xirrus Wi-Fi, SteelConnect, Security
Solution Number: S32743

Issue

CERT has released a Vulnerability Note outlining an attack that would allow an attacker to compromise the confidentiality and integrity of a misconfigured network if the attacker adds a specifically configured proxy device to the network.

CERT vulnerability note: https://www.kb.cert.org/vuls/id/598349

If an attacker has access to a LAN, the attacker could add a malicious device to the network with the name "WPAD".  This could allow the attacker to utilize DNS auto-registration and auto-discovery to act as a proxy for victims on the network, resulting in a loss of confidentiality and integrity of network activity.  ISATAP autodiscovery names may also be similarly exploitable.

This vulnerability is known to affect Xirrus Acces Points.  Riverbed is still investigating whether it's SDI appliances are vulnerable.

Solution

For Xirrus products:  WLAN routers/access points should not auto-register DNS magic names related to auto-configuration.  Auto-discovery features should not accept mDNS based names as authoritative sources.

Environment

Index: CERT Vulnerability Note VU#598349
VU598349
598349
NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.
Last Modified: 2018-10-08
Can't find an answer? Create a case