all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

VU#473698: uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID

Add to bookmarks
May 9, 2022, 6:58 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview


The uClibc and uClibc-ng libraries, prior to uClibc-ng 1.0.41, are vulnerable to DNS cache poisoning due to the use of predicatble DNS transaction IDs when making DNS requests. This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable environment.


Description


The uClibc and the Uclibc-ng software are lightweight C standard libraries intended for use in embedded systems and mobile devices. The uClibc library has not been updated since May of 2012. The newer uClibc-ng …

dns id transaction id uclibc

Visit resource

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#163057: BMC software fails to validate IPMI session. 1 week, 1 day ago | kb.cert.org
abuse access attacker baseboard management controller +17
VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds … 1 week, 2 days ago | kb.cert.org
arbitrary code arbitrary code execution attacker can +15
VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 3 weeks, 1 day ago | kb.cert.org
application arbitrary code attacker attackers +14
VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 4 weeks, 1 day ago | kb.cert.org
arbitrary code attackers cases code +15
VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 1 month ago | kb.cert.org
architectures attacker attacks bhi +20
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 1 month ago | kb.cert.org
attacks can dos fragments +6
VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 1 month, 2 weeks ago | kb.cert.org
abuse application applications attacker +18
VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 1 month, 3 weeks ago | kb.cert.org
architectures attacker can conditions +13
VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 2 months ago | kb.cert.org
app attacks bluetooth called +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Information System Security Officer / Auditor

@ Peraton | Washington, DC, United States
View on infosec-jobs.com

Senior Cloud Security Engineer

@ Alludo | US | Boston, MA, US | San Francisco, CA, US | Austin, TX, US
View on infosec-jobs.com

Tier 3 - Malware Analyst, SME

@ Resource Management Concepts, Inc. | Quantico, Virginia, United States
View on infosec-jobs.com

Temp to Hire Senior DevSecOps Engineer

@ Scientific Systems Company, Inc. | Burlington, Massachusetts, United States
View on infosec-jobs.com

Security Engineer III - Splunk | SIEM

@ JPMorgan Chase & Co. | Plano, TX, United States
View on infosec-jobs.com

Information Systems Security Officer / Auditor

@ Peraton | Washington, DC, United States
View on infosec-jobs.com
View more jobs