95 matches found
AZL-9702 CVE-2022-30295 affecting package uclibc-ng for versions less than 1.0.41-1
uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...
CVE-2022-30295
uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...
Design/Logic Flaw
uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...
CVE-2022-30295
uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...
HCC Embedded InterNiche 安全特征问题漏洞
HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in HCC Embedded InterNiche that stems from a DNS client not setting enough random transaction ids in the DNSv4 component.An attacker can exploit this vulnerability to pass specially crafted inputs to the application...
Insecure Random Generator
github.com/miekg/dns uses an insecure random generation for transaction IDs. The default Id function uses an insecure math/rand function, resulting in predictable output and allowing an attacker to exploit the vulnerability to forge responses without being on path...
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money
ARCHIVED STORY McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money By John Fokker · October 14, 2019 Episode 3: Follow the Money This is the third installment of the McAfee Advanced Threat Research ATR analysis of Sodinokibi and its connections to GandCrab, the mos...
uIP and lwIP DNS resolver vulnerable to cache poisoning
Overview The DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs TXIDs and source port reuse. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-4883The DNS resolver implemented in all versions of uIP, as well as lwIP...
Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches. To exploit th...
CVE-2010-1689
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and...
CVE-2010-1690
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and...
CVE-2010-1689
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and...
CVE-2010-1689
The Red Hat and NVD entries confirm concrete details for CVE-2010-1689 and CVE-2010-1690: the DNS handling in smtpsvc.dll on Windows and Exchange product lines prior to specific builds uses predictable DNS transaction IDs (CVE-2010-1689) and does not verify that response IDs match queries (CVE-20...
Input validation
The DNS Resolver Cache Service aka DNSCache in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict...
CVE-2009-0233
The DNS Resolver Cache Service aka DNSCache in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict...
CVE-2009-0233
CVE-2009-0233 is the DNS Resolver Cache Service (DNSCache) vulnerability in Windows DNS Server. When dynamic updates are enabled, the server may fail to reuse cached DNS responses in all scenarios, enabling remote attackers to predict transaction IDs and poison caches by sending crafted DNS queri...
CVE-2009-0234
The DNS Resolver Cache Service aka DNSCache in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted...
CentOS Update for irb CESA-2008:0896 centos3 i386
Check for the Version of irb OpenVAS Vulnerability Test CentOS Update for irb CESA-2008:0896 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Microsoft Windows DNS Client Spoofing Vulnerability (MS08-020, 945553)
The remote host is probably affected by the vulnerability described in CVE-2008-0087 SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
ruby -- DNS spoofing vulnerability
The official ruby site reports: resolv.rb allow remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports...