1248 matches found
CVE-2012-3411
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service traffic amplification via a spoofed DNS query...
Medium: dnsmasq
Issue Overview: It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthenticated attacker could exploit this flaw to cause a denial of...
Scientific Linux Security Update : dnsmasq on SL6.x i386/x86_64 (20130221)
It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthenticated attacker could exploit this flaw to cause a denial of service via DNS...
bind security update
CentOS Errata and Security Advisory CESA-2013:0550 Updated bind packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scorin...
RedHat Update for dnsmasq RHSA-2013:0277-02
Check for the Version of dnsmasq OpenVAS Vulnerability Test RedHat Update for dnsmasq RHSA-2013:0277-02 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
RedHat Update for bind RHSA-2013:0550-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
RHEL 6 : dnsmasq (RHSA-2013:0277)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0277 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. It was...
libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service traffic amplification via a spoofed DNS query...
PT-2013-1604 · Dnsmasq +3 · Dnsmasq +3
Name of the Vulnerable Software and Affected Versions: Dnsmasq versions prior to 2.63test1 Description: The issue allows remote attackers to cause a denial of service, specifically through traffic amplification, by sending a spoofed DNS query. This occurs when Dnsmasq is used with certain...
Attackers Turn to Open DNS Resolvers to Amplify DDoS Attacks
Although DDoS attacks have been a serious problem for more than a decade now and security staffs have a good handle on how they’re executed and how to handle them, attackers constantly adjust their tactics in order to defeat the best defenses available. One of the more recent tactics adopted by...
Researchers Find Flaw in Dirt Jumper Bot
A team of researchers has discovered a weakness in the command-and-control infrastructure of one of the major DDoS toolkits, Dirt Jumper, that enables them to stop attacks that are in progress. The discovery gives the researchers the ability to access the back-end servers that control the attack...
WikiLeaks Back Online after Sustained DDoS Attack
The controversial document-sharing site WikiLeaks was back online Monday evening after sustaining a week-long distributed denial-of-service attack. The organization apparently received some extra capacity and assistance from Web performance and security firm Cloudfare to counter the 10 gigabits p...
Quake 3 / ioquake3 traffic amplification vulnerability
Source of getstatus UDP message is not checked...
Traffic amplification via Quake 3-based servers
It has been discovered that spoofed "getstatus" UDP requests are being used by attackers0123 to direct status responses from multiple Quake 3-based servers to a victim, as a traffic amplification mechanism for a denial of service attack on that victim. Open-source games derived from the Quake 3...
[SECURITY] [DSA 2442-2] openarena regression
------------------------------------------------------------------------- Debian Security Advisory DSA-2442-2 [email protected] http://www.debian.org/security/ Florian Weimer March 31, 2012 http://www.debian.org/security/faq -...
DSA-2442-2 openarena - UDP traffic amplification
Bulletin has no description...
Debian DSA-2442-2 : openarena - UDP traffic amplification
It has been discovered that spoofed 'getstatus' UDP requests are being sent by attackers to servers for use with games derived from the Quake 3 engine such as openarena. These servers respond with a packet flood to the victim whose IP address was impersonated by the attackers, causing a denial of...
[SECURITY] [DSA 2442-1] openarena security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2442-1 [email protected] http://www.debian.org/security/ Florian Weimer March 26, 2012 http://www.debian.org/security/faq -...
DSA-2442-1 openarena - UDP traffic amplification
Bulletin has no description...
FreeBSD : Multiple implementations -- DoS via hash algorithm collision (91be81e7-3fea-11e1-afc7-2c4138874f7d)
oCERT reports : A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particul...