1407 matches found
Debian DSA-1603-1 : bind9 - DNS cache poisoning
Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's BIND 9 packages to implement the recommended...
bind: implement source UDP port randomization (CERT VU#800113)
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referral...
DSA-1604-1 bind - DNS cache poisoning
Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. The BIND 8 legacy code base could not be updated to include the recommended...
FreeBSD -- DNS cache poisoning
Problem Description: The BIND DNS implementation does not randomize the UDP source port when doing remote queries, and the query id alone does not provide adequate randomization. Impact: The lack of source port randomization reduces the amount of data the attacker needs to guess in order to...
Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
Description Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to...
DSA-1603-1 bind9 - cache poisoning
Bulletin has no description...
Paper by Amit Klein (Trusteer): "PowerDNS Recursor DNS Cache Poisoning [pharming]"
Hello BugTraq. Once again, a DNS cache poisoning against a popular DNS cache server. This time, it's PowerDNS, the third most popular DNS server, servicing over 40 million users. The vendor coded several impressive security measures against DNS spoofing, e.g. UDP source port randomization and spoofe...
CheckPoint Secure Platform Multiple Buffer Overflows
Hi all, we have published a paper about CheckPoint Firewall-1 vulnerabilities. The platform tested is the Secure Platform R60. We have found many buffer overflows. Most of them are located in command line utilities that can be exploited locally. A very few of them maybe can be exploited remotely,...
Moderate: kernel security and bugfix update
[2.6.9-55.0.6.0.1] - fix entropy flag in bnx2 driver to generate entropy pool (John Sobecki) [orabug 5931647] - fix for nfs open call taking longer issue (Chuck Lever) [orabug 5580407] [bz 219412] - fix enomem due to larger mtu size page alloc (Zach Brown) [orabug 5486128] - fix percpu api bugon with rds (Zach...
Diskeeper 9 Remote Memory Disclosure Exploit
No description provided by source. Diskeeper Remote Memory Disclosure Credit: Pravus pravus -a-t- hush -d-o-t- com Greetz: Scientology for making a remotely accessible disk defragmenter. Felix, Jenna, and Isaac. Vulnerability Description: This vulnerability involves a memory comparison function...
Remote Memory Read in Diskeeper 9 - 2007
Diskeeper Remote Memory Disclosure Credit: Pravus pravus -a-t- hush -d-o-t- com Greetz: Scientology for making a remotely accessible disk defragmenter. Felix, Jenna, and Isaac. Vulnerability Description: This vulnerability involves a memory comparison function that is remotely, anonymously...
Diskeeper 9 - Remote Memory Disclosure
Diskeeper Remote Memory Disclosure Credit: Pravus pravus -a-t- hush -d-o-t- com Greetz: Scientology for making a remotely accessible disk defragmenter. Felix, Jenna, and Isaac. Vulnerability Description: This vulnerability involves a memory comparison function that is remotely, anonymously...
exp_call_rand.pl.txt
#!/usr/bin/perl -w use strict; exp_call_rand.pl Mon Apr 3 19:17:14 CEST 2006 Exploit solution against 2.6 stack randomization Using the "call %edx" technique. Copyright: bunker - http://rawlab.altervista.org 37F1 A7A1 BB94 89DB A920 3105 9F74 7349 AF4C BFA2 EXPLANATION: In 2.6 kernel we have a ghost...
exp_jmp_rand.pl.txt
#!/usr/bin/perl -w use strict; exp_jmp_rand.pl Mon Apr 3 19:17:14 CEST 2006 Exploit solution against 2.6 stack randomization Using the "jmp %esp" technique. Copyright: bunker - http://rawlab.altervista.org 37F1 A7A1 BB94 89DB A920 3105 9F74 7349 AF4C BFA2 EXPLANATION: In 2.6 kernel we have a ghost...
Python <= 2.4.2 realpath() Local Stack Overflow Exploit
No description provided by source. #!/usr/bin/python gexp-python.py Python <= 2.4.2 realpath() Local Stack Overflow ----------------------------------------------- Against VA Space Randomization. Copyright (c) 2006 Gotfault Security Bug found and developed by: dx/vaxen Gotfault Security, posidron Tripb...
Python 2.4.2 - realpath() Local Stack Overflow
Python 2.4.2 - realpath() Local Stack Overflow #!/usr/bin/python gexp-python.py Python vuln.py; python vuln.py' os.remove("vuln.py") os.chdir(base) os.removedirs(dir) milw0rm.com 2006-03-18...
Python 2.4.2 - 'realpath()' Local Stack Overflow
#!/usr/bin/python gexp-python.py Python vuln.py; python vuln.py' os.remove("vuln.py") os.chdir(base) os.removedirs(dir) milw0rm.com 2006-03-18...
Microsoft IIS - HTTP Request Denial of Service (2)
#!/usr/bin/perl really bored kokanin / IIS 5.1 dos thing, Inge says to use a browser at http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html kokanin not like puny browser!!"1 I hoped Inge was a leet haxx0r ch1ck, but it's apparently a dude, bummer. According to Inge...
HP-UX PHNE_26771 : HP-UX Running ARPA Transport, Advisory, RFC 1948 ISN Randomization (HPSBUX00205 SSRT080009 rev.3)
s700800 11.00 cumulative ARPA Transport patch : TCP Initial Sequence Number ISN randomization specified in RFC 1948 is available for HP-UX. References: CVE-2001-0328, CERT CA-2001-09.
HP-UX PHNE_26101 : HP-UX Running ARPA Transport, Advisory, RFC 1948 ISN Randomization (HPSBUX00205 SSRT080009 rev.3)
s700800 11.04 VVOS cumulative ARPA Transport patch : TCP Initial Sequence Number ISN randomization specified in RFC 1948 is available for HP-UX. References: CVE-2001-0328, CERT CA-2001-09.