all InfoSec news
VU#473698: uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID
May 9, 2022, 6:58 p.m. |
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
The uClibc and uClibc-ng libraries, prior to uClibc-ng 1.0.41, are vulnerable to DNS cache poisoning due to the use of predicatble DNS transaction IDs when making DNS requests. This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable environment.
Description
The uClibc and the Uclibc-ng software are lightweight C standard libraries intended for use in embedded systems and mobile devices. The uClibc library has not been updated since May of 2012. The newer uClibc-ng …
More from kb.cert.org / CERT Recently Published Vulnerability Notes
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
1 month, 4 weeks ago |
kb.cert.org
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Security Compliance Strategist
@ Grab | Petaling Jaya, Malaysia
Cloud Security Architect, Lead
@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)