
2962 matches found

OpenVAS
added 2017/11/23 12:0 a.m., 11 views

Fedora Update for knot-resolver FEDORA-2017-7a7ea1cf50

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.5
Exploits: 0, References: 2
OpenVAS
added 2017/11/23 12:0 a.m., 11 views

Fedora Update for knot-resolver FEDORA-2017-31519ecf40

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.5
Exploits: 0, References: 2
Fedora
added 2017/11/17 4:43 p.m., 17 views

[SECURITY] Fedora 27 Update: knot-resolver-1.5.0-1.fc27

The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as...

AI score: 0.5
Exploits: 0
Fedora
added 2017/11/16 8:49 p.m., 10 views

[SECURITY] Fedora 26 Update: knot-resolver-1.5.0-1.fc26

The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as...

AI score: 0.5
Exploits: 0
Akamai Blog
added 2017/11/08 1:14 p.m., 34 views

Layered Security Without the Layered Complexity

With the recent influx of news reports regarding security incidents, more Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), and IT professionals are reviewing current security infrastructures, policies, and practices to identify potential weaknesses in their security...

AI score: 7.1
Exploits: 0
n0where
added 2017/11/07 5:30 a.m., 19 views

Popular Pentesting Scanner: v3n0m

v3n0m is a free and open source scanner. Evolved from baltazar’s scanner, it has adapted several new features that improve functionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and...

AI score: 7.6
Exploits: 0, References: 1
Hacker One
added 2017/11/03 11:32 p.m., 177 views

HackerOne: Blind SSRF in "Integrations" by abusing a bug in Ruby's native resolver.

Summary HackerOne allows bug bounty programs to integrate their reports queue with issue tracking tools such as Jira and Phabricator. By abusing a bug that I discovered in Ruby's native resolver, I am able to bypass the SSRF filter and could potentially scan your internal network. Vulnerability...

CVSS: 6.8, AI score: 7.7, EPSS: 0.02415
Exploits: 0
Tenable Nessus
added 2017/10/26 12:0 a.m., 33 views

Fedora 26 : glibc (2017-2c63df4fe3)

This update addresses various minor issues in the glibc package : - The DNS stub resolver now picks up changes to /etc/resolv.conf automatically RHBZ1374239. - The DNS stub resolver supports an unlimited number of search domains RHBZ168253. - CVE-2015-5180, a segmentation fault potentially...

CVSS: 7.5, AI score: 7.6, EPSS: 0.0627
Exploits: 0, References: 2
OSV
added 2017/10/24 6:33 p.m., 24 views

GHSA-R7Q2-5GQG-6C7Q actionpack Improper Input Validation vulnerability

The template selection functionality in actionpack/lib/actionview/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping...

CVSS: 5, AI score: 6.1, EPSS: 0.01813
Exploits: 0, References: 16
n0where
added 2017/10/11 4:58 a.m., 19 views

DNS Diagnostics & Performance Measurement Tools: DNSDiag

Ever been wondering if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to ma...

Exploits: 0, References: 3
NVD
added 2017/09/29 1:34 a.m., 23 views

CVE-2017-12236

A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator RLO...

CVSS: 9.8, AI score: 9.6, EPSS: 0.03122
Exploits: 0, References: 3
Prion
added 2017/09/29 1:34 a.m., 15 views

Authentication flaw

A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator RLO...

CVSS: 7.5, AI score: 9.5, EPSS: 0.03122
Exploits: 0, References: 3, Affected Software: 1
CNVD
added 2017/09/28 12:0 a.m., 2 views

Cisco IOS XE Software Authentication Bypass Vulnerability

Cisco IOS XE is an operating system developed by the American company Cisco for its network equipment. A security vulnerability exists in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE. A remote attacker could exploit this vulnerability to bypass authenticatio...

CVSS: 9.8, AI score: 7.1, EPSS: 0.03122
Exploits: 0, References: 1
CNVD
added 2017/09/14 12:0 a.m., 1 views

Tcpdump DNS Resolver Source Denial of Service Vulnerability

Tcpdump is a set of sniffing tools developed by the Tcpdump team that run at the command line. The tools allow users to intercept and display TCP/IP and other packets sent or received over a network connection to that computer. DNS parser is one of the Domain Name System (DNS) resolvers. A denial of...

CVSS: 7.5, AI score: 8.5, EPSS: 0.02406
Exploits: 0, References: 1
CNVD
added 2017/09/08 12:0 a.m., 2 views

GNU C Library DNS Spoofing Vulnerability

The GNU C Library (a.k.a. glibc, libc6) is an open-source, free C language compiler released under the LGPL license. A security vulnerability exists in the DNS stub resolver in the GNU C Library. An attacker can exploit this vulnerability to perform a DNS spoofing attack...

CVSS: 5.9, AI score: 6.6, EPSS: 0.02403
Exploits: 0, References: 1
Node.js
added 2017/09/06 11:32 p.m., 102 views

Command Injection

Overview Affected versions of dns-sync have an arbitrary command execution vulnerability in the resolve method. Recommendation - Use an alternative dns resolver - Do not allow untrusted input into dns-sync.resolve References - Issue 1 - Commit d9abaae...

CVSS: 10, AI score: 6.9, EPSS: 0.05132
Exploits: 1, Affected Software: 1
RedHat Linux
added 2017/09/06 8:36 p.m., 4 views

kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user

It was discovered that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyri...

CVSS: 4.4, AI score: 7.2, EPSS: 0.00261
Exploits: 0, References: 4
pentestit
added 2017/09/01 6:19 a.m., 114 views

Gloom-Framework: Security Framework For Kali Linux

This short post is about a new penetration testing toolkit/framework in the market, which was specifically built for Kali Linux. The name is Gloom-Framework. It is coded in Python and is also open source with a few dependencies. What is Gloom-Framework? Gloom-Framework is an op...

AI score: 6.9
Exploits: 0
RedHat Linux
added 2017/08/24 5:24 a.m., 1 views

bind: Too long query name causes segmentation fault in lwresd

It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or...

CVSS: 5.9, AI score: 6.8, EPSS: 0.63346
Exploits: 0, References: 5
Akamai Blog
added 2017/08/22 6:22 p.m., 55 views

What makes a good "DNS Blacklist"? - Part 1

Reflections on Modern Actionable Threat Intelligence used to turn a DNS Resolver into a Critical Security Tool. Akamai has just launched the Enterprise Threat Protection (ETP) platform. ETP is built on Akamai's global AnswerX Cloud that now reaches 28 countries and is expanding to new countries ever...

AI score: 6.8
Exploits: 0