EUVD-2017-10476

Malware in sbrugna...

CVE-2020-11091

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...

GHSA-59QG-GRP7-5R73 Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements

Impact An attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 on the kernel cmdline, it wi...

Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements

Impact An attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 on the kernel cmdline, it wi...

containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters

A vulnerability was found in affected container networking implementations that allow malicious containers in Kubernetes clusters to perform man-in-the-middle MitM attacks. A malicious container can exploit this flaw by sending “rogue” IPv6 router advertisements to the host or other containers, t...

containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters

A vulnerability was found in affected container networking implementations that allow malicious containers in Kubernetes clusters to perform man-in-the-middle MitM attacks. A malicious container can exploit this flaw by sending “rogue” IPv6 router advertisements to the host or other containers, t...

containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters

A vulnerability was found in affected container networking implementations that allow malicious containers in Kubernetes clusters to perform man-in-the-middle MitM attacks. A malicious container can exploit this flaw by sending “rogue” IPv6 router advertisements to the host or other containers, t...

containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters

A vulnerability was found in affected container networking implementations that allow malicious containers in Kubernetes clusters to perform man-in-the-middle MitM attacks. A malicious container can exploit this flaw by sending “rogue” IPv6 router advertisements to the host or other containers, t...

containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters

A vulnerability was found in affected container networking implementations that allow malicious containers in Kubernetes clusters to perform man-in-the-middle MitM attacks. A malicious container can exploit this flaw by sending “rogue” IPv6 router advertisements to the host or other containers, t...

kubernetes kubeadm-ha-setup kubernetes-cni kubernetes-cni-plugins security update

kubernetes 1.12.10-1.0.12 - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in kube-controller-manager kubeadm-ha-setup 0.0.2-1.0.70 - Enhance image tag read to depend on kubeadm-registry.sh for CVE release...

Man-in-the-Middle (MtiM)

github.com/weaveworks/weave is vulnerable to Man-in-the-Middle MtiM. IPv4 only clusters allows for MitM attacks via IPv6 rogue router advertisements if an attacker is able to run a process as root in a container and is able to respond to DNS requests from the host...

CVE-2020-11091 Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...

PT-2020-12547 · Weave · Weave Net

Name of the Vulnerable Software and Affected Versions: Weave Net versions prior to 2.6.3 Description: An attacker able to run a process as root in a container can respond to DNS requests from the host and insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is...

CVE-2017-1460

IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379...

CVE-2017-1460

IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379...

CVE-2017-1460

IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379...