In message alpine.deb.2.00.1110182342050.12...@mail.xelerance.com, Paul Wouters writes:
FYI
Paul
Nothing really new here. Port exhaustion was an obvious and identified
threat when we looked at port randomisation.
-- Forwarded message --
Date: Tue, 18 Oct 2011 17:14:56
From: Roee Hay ro...@il.ibm.com
To: dailydave dailyd...@lists.immunityinc.com
Subject: [Dailydave] DNS Poisoning via Port Exhaustion
Hey,
Today we are releasing a very interesting whitepaper which describes a DNS
poisoning attack against stub resolvers.
It discloses two vulnerabilities:
1. A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) which enables remote
   DNS poisoning using Java applets. This vulnerability can be triggered when
   opening a malicious webpage. A successful exploitation of this vulnerability
   may lead to disclosure and manipulation of cookies and web pages, disclosure
   of NTLM credentials and clipboard data of the logged-on user, and even
   firewall bypass.
2. A vulnerability in multiuser Windows environments which enables local DNS
   cache poisoning of arbitrary domains. This vulnerability can be triggered
   by a normal user (i.e. one with non-administrative rights) in order to
   attack other users of the system. A successful exploitation of this
   vulnerability may lead to information disclosure, privilege escalation,
   universal XSS and more.
Whitepaper: http://bit.ly/q31wSq
A blog post with video demos: http://bit.ly/qu4Ez7
Roee Hay ro...@il.ibm.com, IBM Rational Application Security Research Group
Yair Amit yai...@gmail.com
___
Dailydave mailing list
dailyd...@lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org