A Vulnerability in C Standard Libraries uClibe and uClibe-ng Could Allow for DNS Poisoning | allinfosecnews.com

May 5, 2022, 3:24 a.m. |

Center for Internet Security - Multi-State Information Sharing and Analysis Center www.cisecurity.org

A vulnerability which could allow for DNS poisoning attacks has been discovered in the C standard libraries uClibe and uClibe-ng, which are widely used in IoT products. DNS poisoning enables a subsequent Man-in-the-Middle scenario, which can be used to perform actions like stealing information, forcing authenticated responses, as well as installing malicious firmware.

There is currently no CVE listing, nor further details on affected products, as the research group Nozomi Networks is still working with vendors and library developers in …

dns dns poisoning poisoning vulnerability

More from www.cisecurity.org / Center for Internet Security - Multi-State Information Sharing and Analysis Center

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 4 days, 8 hours ago | www.cisecurity.org

arbitrary code arbitrary code execution attacker chrome +9

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 1 week, 3 days ago | www.cisecurity.org

arbitrary code arbitrary code execution attacker chrome +9

Oracle Quarterly Critical Patches Issued April 16, 2024 2 weeks, 3 days ago | www.cisecurity.org

april code code execution critical +7

Multiple Vulnerabilities in Ivanti Avalanche Could Allow for Remote Code Execution 2 weeks, 3 days ago | www.cisecurity.org

authentication avalanche code code execution +23

Multiple Vulnerabilities in Google Chrome Could Allow for Remote Code Execution 2 weeks, 3 days ago | www.cisecurity.org

attacker chrome code code execution +9

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution 2 weeks, 4 days ago | www.cisecurity.org

access arbitrary code arbitrary code execution browser +17

A Vulnerability in PAN-OS Could Allow for Arbitrary Code Execution 3 weeks, 1 day ago | www.cisecurity.org

alto arbitrary code arbitrary code execution code +16

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 3 weeks, 3 days ago | www.cisecurity.org

arbitrary code arbitrary code execution attacker chrome +9

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 3 weeks, 4 days ago | www.cisecurity.org

adobe adobe after effects adobe commerce after effects +14

Technical Senior Manager, SecOps | Remote US

@ Coalfire | United States

View on infosec-jobs.com

Global Cybersecurity Governance Analyst

@ UL Solutions | United States

View on infosec-jobs.com

Security Engineer II, AWS Offensive Security

@ Amazon.com | US, WA, Virtual Location - Washington

View on infosec-jobs.com

Senior Cyber Threat Intelligence Analyst

@ Sainsbury's | Coventry, West Midlands, United Kingdom

View on infosec-jobs.com

Embedded Global Intelligence and Threat Monitoring Analyst

@ Sibylline Ltd | Austin, Texas, United States

View on infosec-jobs.com

Senior Security Engineer

@ Curai Health | Remote

View on infosec-jobs.com