Security researcher, Dan Kaminsky has reported that an eight-year-old bug in the Internet’s Domain Name Service (DNS) could be used to widely spread malware. In fact, the bug is so critical that a potential hacker could take over the victim’s computer remotely by exploiting it.
Kaminsky says a flaw found in the Gnu C standard library, aka “glibc,” can trick browsers into looking up shady domain names. Servers could then reply with overly-long DNS names, causing a buffer overflow in the victim’s software. That would in turn let hackers execute code remotely and possibly take over a machine.
The bug is new and has been around since May 2008. Kaminsky said “the buggy code has been around for quite some time, so it’s really worked its way across the globe.” In other words, it could ages for the fix to be applied broadly.