CVE-2022-33990

CVE-2022-33990 affects dproxy-nexgen (dproxy nexgen). The issue stems from misinterpretation of special domain name characters causing domain names and their IP addresses to be cached in the misinterpreted form, enabling cache poisoning. The CVSS 3.1 base score is 7.5 (Network, Low attack complex...

CVE-2022-33991

dproxy-nexgen aka dproxy nexgen forwards and caches DNS queries with the CD aka checking disabled bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers...

CVE-2022-33990

Misinterpretation of special domain name characters in dproxy-nexgen aka dproxy nexgen leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form...

CVE-2022-33991

CVE-2022-33991 affects dproxy-nexgen (dproxy nexgen), a DNS proxy/cache. The root issue is that it forwards and caches DNS queries with the CD (Check Disabled) bit set to 1, which disables DNSSEC protection from upstream resolvers. The CVE details provided show a CVSS v3.1 base score of 5.3 (Netw...

CVE-2022-33988

dproxy-nexgen aka dproxy nexgen re-uses the DNS transaction id TXID value from client queries, which allows attackers able to send queries to the resolver to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker...

CVE-2022-33988

CVE-2022-33988 affects dproxy-nexgen (DNS proxy). The issue is the reuse of the DNS TXID from client queries, enabling an attacker who can send queries to the resolver to perform DNS cache poisoning. Exploitation status is not detailed in the provided documents; no concrete patch/version remediat...

dproxy 安全漏洞

dproxy is an intelligent caching DNS proxy by Matthew Pratt, a personal developer. A security vulnerability exists in dproxy that stems from setting the CD aka Check Disabled bit to 1, which causes the DNSSEC protection provided by the upstream resolver to be disabled...

dproxy 环境问题漏洞

dproxy is an intelligent caching DNS proxy from the personal developer Matthew Pratt. A security vulnerability exists in dproxy that stems from its reuse of DNS transaction ID values from client queries leading to an attacker performing a DNS cache poisoning attack...

PT-2022-21953 · Unknown · Dproxy-Nexgen

Name of the Vulnerable Software and Affected Versions: dproxy-nexgen affected versions not specified Description: The issue concerns dproxy-nexgen forwarding and caching DNS queries with the CD bit set to 1, which leads to the disabling of DNSSEC protection provided by upstream resolvers...

PT-2022-21951 · Unknown · Dproxy-Nexgen

Name of the Vulnerable Software and Affected Versions: dproxy-nexgen affected versions not specified Description: The issue allows DNS cache poisoning due to the use of a static UDP source port with insufficient entropy to prevent traffic injection attacks. This occurs because dproxy-nexgen selec...

dproxy 安全漏洞

dproxy is an intelligent caching DNS proxy by Matthew Pratt, a personal developer. A security vulnerability exists in dproxy, which stems from the fact that its incorrect resolution of special domain name characters can lead to cache poisoning, as domain names and their associated IP addresses ar...

PT-2022-21950 · Unknown · Dproxy-Nexgen

Name of the Vulnerable Software and Affected Versions: dproxy-nexgen affected versions not specified Description: The issue allows attackers to conduct DNS cache-poisoning attacks because the DNS transaction id TXID value from client queries is re-used. This enables attackers, who can send querie...

dproxy 安全特征问题漏洞

dproxy is an intelligent caching DNS proxy from the personal developer Matthew Pratt. dproxy suffers from a security vulnerability that stems from the use of static UDP source ports randomly selected only at startup in the upstream queries it sends to DNS resolvers. This allows the DNS cache to b...

PT-2022-21952 · Unknown · Dproxy-Nexgen

Name of the Vulnerable Software and Affected Versions: dproxy-nexgen affected versions not specified Description: The issue arises from the misinterpretation of special domain name characters in dproxy-nexgen, leading to cache poisoning. This occurs because domain names and their associated IP...

dproxy <= 0.5 - Remote Buffer Overflow Exploit (meta 2.7)

No description provided by source. MetaSploit exploit for remote buffer overflow issue in dproxy Written in 2007 by Alexander Klink c 2007 Cynops GmbH released under the same license as MSF Artistic, GPL dual-licensed $Revision: 1.1 $ package Msf::Exploit::dproxy; use strict; use base...

CVE-2007-1866

Stack-based buffer overflow in the dnsdecodereversename function in dnsdecode.c in dproxy-nexgen allows remote attackers to execute arbitrary code by sending a crafted packet to port 53/udp, a different issue than CVE-2007-1465...

CVE-2007-1866

CVE-2007-1866 involves a stack-based buffer overflow in the dns_decode_reverse_name function of the dproxy-nexgen project (dns_decode.c). The vulnerability allows remote attackers to gain arbitrary code execution by sending a crafted UDP DNS packet to port 53. This is a remote-exploit scenario wi...

dproxy-nexgen Remote Root Buffer Overflow Exploit (x86-lnx)

No description provided by source. / dproxy-v1.c Copyright c 2007 by dproxy-nexgen remote root exploit x86-lnx by mu-b - Mar 2007 - Tested on: dproxy-nexgen .tar.gz This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as publish...

dproxy DNS proxy buffer overflow

Buffer overflow on oversized DNS request UDP packet UDP/53...

[Full-disclosure] dproxy-nexgen remote

attached is an exploit for the latest dproxy-nexgen, seems the latest version is just as bad as the previous dproxy-0.5... problem exists because of lack of NULL checking in dnsdecodereversename... -- mu-b [email protected] "Only a few people will follow the proof. Whoever does will spend the...