
[Full-disclosure] DNS Poisoning via Port Exhaustion



Hey,

Today we are releasing a very interesting whitepaper which describes a DNS
poisoning attack against stub resolvers.

It discloses two vulnerabilities:

1. A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) which enables remote
   DNS poisoning using Java applets. This vulnerability can be triggered when
   opening a malicious webpage. A successful exploitation of this vulnerability
   may lead to disclosure and manipulation of cookies and web pages, disclosure
   of NTLM credentials and clipboard data of the logged-on user, and even
   firewall bypass.

2. A vulnerability in multiuser Windows environments which enables local DNS
   cache poisoning of arbitrary domains. This vulnerability can be triggered
   by a normal user (i.e. one with non-administrative rights) in order to
   attack other users of the system. A successful exploitation of this
   vulnerability may lead to information disclosure, privilege escalation,
   universal XSS and more.

 Whitepaper: http://bit.ly/q31wSq
 A blog post with video demos: http://bit.ly/qu4Ez7


Roee Hay <roeeh@xxxxxxxxxx>, IBM Rational Application Security Research Group
Yair Amit <yairam@xxxxxxxxx>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/