all InfoSec news
VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
A novel traffic-loop vulnerability has been identified against certain implementations of UDP-based applications protocols. An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols (e.g., DNS, NTP, TFTP) that can lead to Denial-of-Service (DOS) and/or abuse of resources.
Description
The User Datagram Protocol (UDP) is a simple, connectionless protocol that is still commonly used in many internet-based applications. UDP has a limited packet-verification capability and is susceptible to IP spoofing. Security researchers …
abuse application applications attacker can dns dos implementation loop network novel ntp packets protocol protocols resources service traffic udp unauthenticated vulnerability vulnerable