8 matches found
K09604370: Linux kernel vulnerability CVE-2020-25705
Security Advisory Description A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this...
K41440465: BIG-IP TMM vulnerability CVE-2022-26071
Security Advisory Description A flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel TMM allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. CVE-2022-26071 Impact A...
F5 BIG-IP security feature issue vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IP has a security feature issue vulnerability that can be exploited by an attacker to determine the open UDP User Datagram Protocol source port of...
New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks
Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The attack allows an off-path...
F5 Networks BIG-IP : Linux kernel vulnerability (K09604370)
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentialit...
Security Advisory 2020-12-09-1 - Linux kernel - ICMP rate limiting can be used to facilitate DNS poisoning attack (CVE-2020-25705)
DESCRIPTION A flaw has been found in the ICMP rate limiting algorithm of the Linux kernel. This flaw allows an off-path attacker to quickly determine open ephemeral ports that are used by applications making outbound connections. This can be exploited by an off-path attacker to more easily perfor...
Vulnerability fixed in DNS implementations
Researchers have discovered a vulnerability in a number of DNS implementations. The researchers have named the vulnerability SAD DNS, an acronymmm for Side-channel AttackeD DNS. This vulnerability has since been given CVE attribute CVE-2020-25705. The vulnerability allows a malicious party to rou...
SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks
A group of academics from the University of California and Tsinghua University has uncovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks. Dubbed "SAD DNS attack" short for Side-channel AttackeD DNS, the technique makes it possible for a maliciou...