nginx代理DNS缓存域欺骗漏洞

BUGTRAQ ID: 36438 nginx是多平台的HTTP服务器和邮件代理服务器。 nginx对解析过的域名维护一个内部的DNS缓存，但在搜素缓存时，nginx仅检查名称的crc32是否匹配以及短名称是长名称的前缀，但没有检查名称的长度是否相等。如果nginx配置为代理缓存的话，远程攻击者就可以通过DNS投毒攻击欺骗域名，诱骗用户相信所访问的域名为合法。 Igor Sysoev nginx 0.8.x Igor Sysoev nginx 0.7.x Igor Sysoev nginx 0.6.x Igor Sysoev nginx 0.5.x 厂商补丁： Igor Sysoev...

openSUSE Security Update : xerces-j2 (xerces-j2-1233)

The xerces-j2 package was vulnerable to various bugs while parsing XML.CVE-2009-2625 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update xerces-j2-1233. The text...

[SECURITY] Fedora 10 Update: bind-9.5.1-3.P3.fc10

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

[SECURITY] Fedora 11 Update: bind-9.6.1-4.P1.fc11

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

HP-UX Update for DNS and Resolver Libraries HPSBUX00209

Check for the Version of DNS and Resolver Libraries OpenVAS Vulnerability Test HP-UX Update for DNS and Resolver Libraries HPSBUX00209 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute ...

HP-UX Update for DNS and Resolver Libraries HPSBUX00209

Check for the Version of DNS and Resolver Libraries OpenVAS Vulnerability Test HP-UX Update for DNS and Resolver Libraries HPSBUX00209 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute ...

Mandriva Linux Security Advisory : ruby (MDVSA-2008:226)

A denial of service condition was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite loop and crash CVE-2008-3443. A number of flaws were found in Ruby that could allow an attacker ...

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : ruby1.8 vulnerabilities (USN-651-1)

Akira Tagoh discovered a vulnerability in Ruby which lead to an integer overflow. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program...

Mandriva Update for ruby MDVSA-2008:226 (ruby)

Check for the Version of ruby OpenVAS Vulnerability Test Mandriva Update for ruby MDVSA-2008:226 ruby Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

Ubuntu Update for ruby1.8 vulnerabilities USN-651-1

Ubuntu Update for Linux kernel vulnerabilities USN-651-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6511.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for ruby1.8 vulnerabilities USN-651-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

CVE-2009-0234

The DNS Resolver Cache Service aka DNSCache in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted...

CVE-2009-0233

The DNS Resolver Cache Service aka DNSCache in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict...

Input validation

The DNS Resolver Cache Service aka DNSCache in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted...

Input validation

The DNS Resolver Cache Service aka DNSCache in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict...

CVE-2009-0234

The DNS Resolver Cache Service aka DNSCache in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted...

CVE-2009-0233

The DNS Resolver Cache Service aka DNSCache in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict...

RedHat Update for dnsmasq RHSA-2008:0789-01

Check for the Version of dnsmasq OpenVAS Vulnerability Test RedHat Update for dnsmasq RHSA-2008:0789-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

RedHat Update for ruby RHSA-2008:0896-01

Check for the Version of ruby OpenVAS Vulnerability Test RedHat Update for ruby RHSA-2008:0896-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

RedHat Update for ruby RHSA-2008:0896-01

Check for the Version of ruby OpenVAS Vulnerability Test RedHat Update for ruby RHSA-2008:0896-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

RedHat Update for ruby RHSA-2008:0897-01

Check for the Version of ruby OpenVAS Vulnerability Test RedHat Update for ruby RHSA-2008:0897-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...