196 matches found
dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled
A flaw was found in dnsmasq. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a...
dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled
A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary da...
DEBIAN-CVE-2020-25829
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This result...
PowerDNS Recursor Input Validation Error Vulnerability
PowerDNS Recursor pdnsrecursor is a domain name resolution server from the Dutch company PowerDNS. A security vulnerability exists in PowerDNS Recursor versions 4.1.0 through 4.3.0 that stems from a failure to properly validate DNSSEC signatures. An attacker could exploit the vulnerability to...
DNSSEC validation fails when incorrect response to DNSKEY query is sent on Windows Server 2012 R2-based DNS server
DNSSEC validation fails when incorrect response to DNSKEY query is sent on Windows Server 2012 R2-based DNS server This article describes an issue in which the Domain Name System Security Extensions DNSSEC validation fails on a Windows Server 2012 R2-based DNS server. Before you install this...
The vulnerability of the DNS resolver, knot resolver, arises due to insufficient validation of input data. This allows attackers to convert a domain protected by DNSSEC into a domain that is no longer protected by DNSSEC.
The vulnerability of the DNS resolver, Knot Resolver, exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to convert a domain protected by DNSSEC into a domain that is no longer protected by DNSSEC...
Google & Mozilla ban Avast security extensions over data snooping
By Sudais In this specific case, it was Avast & AVG Security whose two browser extensions each have been found spying on users... This is a post from HackRead.com Read the original post: Google & Mozilla ban Avast security extensions over data snooping...
systemd: systemd-resolved allows unprivileged users to configure DNS
An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local attacker could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the...
USN-3715-1 dns-root-data update
This update adds the latest DNSSEC validation trust anchor required for the upcoming Root Zone KSK Rollover and refreshes the list of root hints...
ALPINE-CVE-2017-15107
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist...
DEBIAN-CVE-2017-15107
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist...
UBUNTU-CVE-2017-15094
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or...
UBUNTU-CVE-2017-15090
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of...
DNSSEC Key Signing Key Rollover
On October 11, 2017, the Internet Corporation for Assigned Names and Numbers ICANN will be changing the Root Zone Key Signing Key KSK used in the domain name system DNS Security Extensions DNSSEC protocol. DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is...
bind: assertion failure while handling a query response containing inconsistent DNSSEC information
A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response...
bind: assertion failure while handling a query response containing inconsistent DNSSEC information
A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response...
DEBIAN-CVE-2016-9147
named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service assertion failure and daemon exit via a response containing an inconsistency among the DNSSEC-related RRsets...
Firefox Security Toolkit
Firefox Security Toolkit will download the most important security extensions and add them all into your browser. All the extensions have been chosen by a survey among the information security community. Based on the results, the Firefox Security Toolkit was made. Also, the Firefox Security Toolk...
bind: malformed DNSSEC key failed assertion denial of service
A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query for example, a query requiring a response from a zone containing a deliberately malformed key that would cause named functioning as ...
UBUNTU-CVE-2015-4620
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit by constructing crafted zone data and then...