Summary
This advisory document provides situational awareness regarding recent findings on the implications of purchasing a WHOIS server domain. It outlines the potential security risks associated with malicious control of a WHOIS server, including the possibility of man-in-the-middle attacks and remote code execution on vulnerable legacy servers. The document details a case where security researchers acquired an expired WHOIS domain and observed significant interaction with various systems, including government and military servers. The researchers demonstrated how vulnerabilities in outdated WHOIS clients could be exploited to execute arbitrary commands. The advisory raises concerns about the integrity of internet communications, particularly regarding SSL/TLS certificates. Additionally, it presents two key recommendations for organizations: maintaining an updated repository of registered domains and ensuring that all internet-facing software is kept up to date to mitigate vulnerabilities. These recommendations aim to enhance security and awareness in light of the vulnerabilities identified in the WHOIS infrastructure.
