all InfoSec news
VU#473698: uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID
May 9, 2022, 6:58 p.m. |
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
The uClibc and uClibc-ng libraries, prior to uClibc-ng 1.0.41, are vulnerable to DNS cache poisoning due to the use of predicatble DNS transaction IDs when making DNS requests. This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable environment.
Description
The uClibc and the Uclibc-ng software are lightweight C standard libraries intended for use in embedded systems and mobile devices. The uClibc library has not been updated since May of 2012. The newer uClibc-ng …
More from kb.cert.org / CERT Recently Published Vulnerability Notes
Jobs in InfoSec / Cybersecurity
Information System Security Officer / Auditor
@ Peraton | Washington, DC, United States
Senior Cloud Security Engineer
@ Alludo | US | Boston, MA, US | San Francisco, CA, US | Austin, TX, US
Tier 3 - Malware Analyst, SME
@ Resource Management Concepts, Inc. | Quantico, Virginia, United States
Temp to Hire Senior DevSecOps Engineer
@ Scientific Systems Company, Inc. | Burlington, Massachusetts, United States
Security Engineer III - Splunk | SIEM
@ JPMorgan Chase & Co. | Plano, TX, United States
Information Systems Security Officer / Auditor
@ Peraton | Washington, DC, United States