Point of view – CVE-2020-1350 Windows DNS Server RCE (14th Jul 2020)

Preface: Design weaknesses on the DNS server side have perhaps been overlooked so far. They are now starting to make an impact on the cyber security world.

Background: DNS is a hierarchical client-server protocol. Each domain is served by one or more authoritative DNS servers, and queries for names under that domain (its subdomains) are directed to those servers. Replies can also be cached by intermediate (recursive) servers to improve performance, which means such a server must parse responses coming from whichever authoritative server a queried name leads it to.

(CVE-2020-1350) Vulnerability detail: A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests.

Official detail – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

Observation: A design weakness in the RDLENGTH bounds check may be what triggers this flaw. If the arithmetic behind that check wraps around (for pointer arithmetic this is undefined behaviour in C), an attacker can get past the bounds check with an oversized length; the attacker-controlled addrlen is then used unchanged in memcpy(addr_out, bufpos, addrlen), exposing a buffer overflow that can potentially lead to code execution.
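As an added illustration of the pattern described in the observation (this is not code from the page and not the Windows DNS server code behind CVE-2020-1350, whose internals the post does not show): a hypothetical resource-record parser in C with an additive RDLENGTH bounds check whose result wraps, placed beside a hardened check that compares the length against the bytes actually remaining. The wrap is shown with a 16-bit offset sum, the width of DNS length fields, rather than with a pointer, because pointer wraparound cannot be demonstrated portably. The two DNS messages, the name www.example.com and the functions parse_first_rr, rdata_fits_vuln, rdata_fits_fixed and copy_rdata_safe are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One RR after its owner NAME (RFC 1035 4.1.3):
 * TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) RDATA(RDLENGTH bytes). */
#define DNS_HDR_LEN 12
#define RR_FIXED_LEN 10
typedef int (*rdata_check_fn)(uint16_t rdata_off, uint16_t rdlength, uint16_t msg_len);

/* VULNERABLE check (hypothetical): the end offset is accumulated in a 16-bit
 * variable, the width of DNS length fields. For unsigned types the truncation
 * is well defined, but once offset + RDLENGTH exceeds 0xFFFF it wraps to a
 * small value and the comparison passes although RDLENGTH runs far past the
 * end of the message. */
static int rdata_fits_vuln(uint16_t rdata_off, uint16_t rdlength, uint16_t msg_len)
{
    uint16_t end = (uint16_t)(rdata_off + rdlength); /* wraps for large RDLENGTH */
    return end <= msg_len;
}

/* HARDENED check: compare RDLENGTH with the bytes that actually remain.
 * A subtraction from a length known to be >= rdata_off cannot overflow. */
static int rdata_fits_fixed(uint16_t rdata_off, uint16_t rdlength, uint16_t msg_len)
{
    if (rdata_off > msg_len)
        return 0;
    return rdlength <= (uint16_t)(msg_len - rdata_off);
}

/* Advance *pos past an owner NAME: labels ending in 0x00, or a two-byte
 * compression pointer (top two bits set). Returns 0 on truncation. */
static int skip_name(const uint8_t *msg, size_t len, size_t *pos)
{
    while (*pos < len) {
        uint8_t b = msg[*pos];
        if ((b & 0xC0) == 0xC0) {              /* compression pointer */
            if (*pos + 2 > len) return 0;
            *pos += 2;
            return 1;
        }
        if (b == 0) { *pos += 1; return 1; }   /* root label ends the name */
        if (b > 63 || *pos + 1 + b > len) return 0;
        *pos += 1 + b;
    }
    return 0;
}

typedef struct {
    int accepted;       /* 1 if the bounds check let the record through */
    uint16_t rdlength;  /* RDLENGTH as read from the wire */
    size_t rdata_off;   /* offset of RDATA within the message */
} rr_result;

/* Parse the first RR after the header using the supplied bounds check.
 * Nothing is copied here: the memcpy the observation describes would
 * follow an 'accepted' result, using rdlength as its size. */
static rr_result parse_first_rr(const uint8_t *msg, size_t len, rdata_check_fn fits)
{
    rr_result r = {0, 0, 0};
    size_t pos = DNS_HDR_LEN;
    if (len > 0xFFFF || len < DNS_HDR_LEN) return r;
    if (!skip_name(msg, len, &pos)) return r;
    if (pos + RR_FIXED_LEN > len) return r;
    r.rdlength = (uint16_t)((msg[pos + 8] << 8) | msg[pos + 9]);
    r.rdata_off = pos + RR_FIXED_LEN;
    r.accepted = fits((uint16_t)r.rdata_off, r.rdlength, (uint16_t)len);
    return r;
}

/* Copy RDATA into out with the hardened check plus a destination-size
 * check. Returns bytes copied, or -1 if the record was rejected. */
static int copy_rdata_safe(const uint8_t *msg, size_t len, uint8_t *out, size_t out_cap)
{
    rr_result r = parse_first_rr(msg, len, rdata_fits_fixed);
    if (!r.accepted || r.rdlength > out_cap) return -1;
    memcpy(out, msg + r.rdata_off, r.rdlength);
    return (int)r.rdlength;
}

/* Constructed messages (not captures): 12-byte header with ANCOUNT=1, the
 * owner name www.example.com, TYPE 24 (SIG), CLASS IN, TTL 0, then RDLENGTH. */
#define MSG_PREFIX \
    0x12,0x34, 0x81,0x80, 0x00,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, \
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,  \
    0x00,0x18, 0x00,0x01, 0x00,0x00,0x00,0x00
/* Benign: RDLENGTH = 4 and exactly 4 bytes of RDATA follow (43 bytes total). */
static const uint8_t good_msg[] = { MSG_PREFIX, 0x00,0x04, 0xAA,0xBB,0xCC,0xDD };
/* Malicious: RDLENGTH = 0xFFF0 but still only 4 bytes of RDATA. RDATA starts
 * at offset 39; 39 + 0xFFF0 = 0x10017 truncates to 0x0017 = 23 <= 43. */
static const uint8_t evil_msg[] = { MSG_PREFIX, 0xFF,0xF0, 0xAA,0xBB,0xCC,0xDD };

int main(void)
{
    rr_result v = parse_first_rr(evil_msg, sizeof evil_msg, rdata_fits_vuln);
    rr_result f = parse_first_rr(evil_msg, sizeof evil_msg, rdata_fits_fixed);
    printf("vulnerable check: accepted=%d for RDLENGTH=%u\n", v.accepted, (unsigned)v.rdlength);
    printf("hardened check:   accepted=%d\n", f.accepted);
    return 0;
}
```

Compile with cc -Wall and run: the vulnerable check accepts the 65520-byte RDLENGTH because the 16-bit sum 39 + 0xFFF0 truncates to 23, so a following memcpy(out, msg + rdata_off, rdlength) would read tens of kilobytes past a 43-byte message and overflow its destination, while the hardened check rejects the same record. The practitioner's rule that falls out of this: validate an attacker-supplied length against the bytes remaining (end minus current position), never against a computed sum of position plus length, and in parsers with 16-bit wire fields do that comparison in a type wide enough that the sum cannot wrap.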
