Below are resources for corporate users related to the developments associated with the new DNS vulnerabilities. The CERT advisory has an excellent list of vendors and their current status for this issue. It is important to apply applicable security patches for DNS servers as quickly as possible due to active exploit development.
So far, two versions of exploit code have been developed for this vulnerability. While the first exploit affects DNS caching, security researcher H.D. Moore has developed a more potent second exploit that can replace nameserver entries, with the potential to redirect traffic to malicious sites (e.g., malware downloading, phishing attacks, etc.).
In some ways, this new security exposure is reminiscent of the Code Red Worm and Blaster attacks during the earlier part of this decade. While security patches were available, many companies did not have the time or insight to patch all of their potential exposures. While there's time, security administrators should PATCH NOW.
ARTICLES: Major DNS vulnerability now public
http://cwflyris.computerworld.com/t/3374560/1676699/127883/2/
http://isc.sans.org/diary.html?storyid=4765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://blog.trendmicro.com/major-dns-cache-poisoning-vulnerability-patch-now/
http://www.informationweek.com/news/internet/security/showArticle.jhtml?articleID=209401195
http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html
QUOTE: "Patch. Today. Now. Yes, stay late." - That's the word from security researcher Dan Kaminsky, who recently presided over an unprecedented effort to coordinate a fix for a DNS vulnerability across more than 80 software and hardware vendors.
Several hackers are almost certainly already developing attack code for the bug, and it will most likely crop up within the next few days, said Dave Aitel, chief technology officer at security vendor Immunity Inc. His company will eventually develop sample code for its Canvas security testing software too, a task he expects to take about a day, given the simplicity of the attack. "It's not that hard," he said. "You're not looking at a DNA-cracking effort."
The attack can be used to redirect victims to malicious servers on the Internet by targeting the DNS servers that serve as signposts for all of the Internet's traffic. By tricking an ISP's servers into accepting bad information, attackers could redirect that company's customers to malicious Web sites without their knowledge.
Although a software fix is now available for most users of DNS software, it can take time for these updates to work their way through the testing process and actually get installed on the network. "Most people have not patched yet," Vixie said. "That's a gigantic problem for the world."
EXPLOIT DEVELOPMENTS: Second more critical exploit in the wild
http://blog.wired.com/27bstroke6/2008/07/dns-exploit-in.html
QUOTE: We just added a second exploit which replaces the nameservers of the target domain. This is the bug people should actually care about, since it doesn't matter if anything is already cached. Regarding the cache situation (of the first exploit) -- it's not possible to do cache overwrites, but it is possible to look up the cache timeout, wait for it, and then replace it. With the new exploit module, we just change the DNS server for the entire domain (regardless of what is cached), so it's much more effective for wide-scale hijacking.
Microsoft DNS Patch should be applied ASAP
http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
CERT Advisory - Provides a detailed status report by vendor
http://www.kb.cert.org/vuls/id/800113
Vendor Status - Date Last Updated (see CERT advisory above for more recent updates)
3com, Inc. Unknown 10-Jul-2008
Alcatel-Lucent Unknown 23-Jul-2008
Apple Computer, Inc. Unknown 5-May-2008
AT&T Unknown 21-Apr-2008
Avaya, Inc. Vulnerable 16-Jul-2008
Avici Systems, Inc. Unknown 21-Apr-2008
Belkin, Inc. Unknown 13-Jul-2008
Blue Coat Systems Vulnerable 22-Jul-2008
BlueCat Networks, Inc. Vulnerable 22-Jul-2008
Check Point Software Technologies Not Vulnerable 23-Jul-2008
Cisco Systems, Inc. Vulnerable 10-Jul-2008
Conectiva Inc. Unknown 5-May-2008
Cray Inc. Unknown 5-May-2008
D-Link Systems, Inc. Unknown 2-May-2008
Data Connection, Ltd. Unknown 21-Apr-2008
Debian GNU/Linux Vulnerable 9-Jul-2008
djbdns Not Vulnerable 10-Jul-2008
dnsmasq Vulnerable 11-Jul-2008
DragonFly BSD Project Unknown 3-Jul-2008
EMC Corporation Unknown 21-Apr-2008
Engarde Secure Linux Unknown 5-May-2008
Ericsson Unknown 21-Apr-2008
Extreme Networks Unknown 21-Apr-2008
F5 Networks, Inc. Vulnerable 14-Jul-2008
Fedora Project Unknown 5-May-2008
Force10 Networks, Inc. Not Vulnerable 11-Jul-2008
Foundry Networks, Inc. Not Vulnerable 10-Jul-2008
FreeBSD, Inc. Vulnerable 14-Jul-2008
Fujitsu Vulnerable 18-Jul-2008
Gentoo Linux Vulnerable 12-Jul-2008
Gnu ADNS Unknown 5-May-2008
GNU glibc Unknown 5-May-2008
Hewlett-Packard Company Vulnerable 16-Jul-2008
Hitachi Unknown 21-Apr-2008
Honeywell Unknown 21-Apr-2008
IBM Corporation Vulnerable 12-Jul-2008
IBM Corporation (zseries) Unknown 5-May-2008
IBM eServer Unknown 21-Apr-2008
Infoblox Vulnerable 21-Jul-2008
Ingrian Networks, Inc. Unknown 5-May-2008
Intel Corporation Unknown 21-Apr-2008
Internet Systems Consortium Vulnerable 14-Jul-2008
JH Software Not Vulnerable 10-Jul-2008
Juniper Networks, Inc. Vulnerable 10-Jul-2008
Linux Kernel Archives Unknown 3-Jun-2008
Lucent Technologies Unknown 21-Apr-2008
Luminous Networks Unknown 21-Apr-2008
Mandriva, Inc. Vulnerable 22-Jul-2008
MaraDNS Not Vulnerable 10-Jul-2008
Men & Mice Unknown 5-May-2008
Metasolv Software, Inc. Unknown 5-May-2008
Microsoft Corporation Vulnerable 8-Jul-2008
MontaVista Software, Inc. Unknown 5-May-2008
Motorola, Inc. Unknown 21-Apr-2008
Multinet (owned by Process Software Corporation) Unknown 21-Apr-2008
Multitech, Inc. Unknown 21-Apr-2008
NEC Corporation Not Vulnerable 18-Jul-2008
NetApp Unknown 3-Jul-2008
NetBSD Unknown 5-May-2008
Netgear, Inc. Unknown 21-Apr-2008
Network Appliance, Inc. Unknown 21-Apr-2008
Nixu Vulnerable 9-Jul-2008
NLnet Labs Not Vulnerable 10-Jul-2008
Nokia Unknown 21-Apr-2008
Nominum Vulnerable 10-Jul-2008
Nortel Networks, Inc. Unknown 21-Apr-2008
Novell, Inc. Vulnerable 14-Jul-2008
OpenBSD Vulnerable 24-Jul-2008
OpenDNS Not Vulnerable 10-Jul-2008
Openwall GNU/*/Linux Vulnerable 17-Jul-2008
PePLink Not Vulnerable 10-Jul-2008
Posadis project Unknown 14-Jul-2008
PowerDNS Not Vulnerable 10-Jul-2008
QNX, Software Systems, Inc. Unknown 5-May-2008
Red Hat, Inc. Vulnerable 10-Jul-2008
Redback Networks, Inc. Unknown 21-Apr-2008
Secure Computing Network Security Division Vulnerable 17-Jul-2008
Shadowsupport Unknown 5-May-2008
Siemens Unknown 8-Jul-2008
Silicon Graphics, Inc. Unknown 5-May-2008
Slackware Linux Inc. Vulnerable 12-Jul-2008
Sony Corporation Unknown 21-Apr-2008
Sun Microsystems, Inc. Vulnerable 10-Jul-2008
SUSE Linux Vulnerable 11-Jul-2008
The SCO Group Unknown 5-May-2008
Trustix Secure Linux Unknown 5-May-2008
Turbolinux Unknown 5-May-2008
Ubuntu Vulnerable 10-Jul-2008
Wind River Systems, Inc. Vulnerable 9-Jul-2008
ZyXEL Unknown 21-Apr-2008