【安全通报】Windows DNS Server远程代码执行漏洞

Author:



Windows DNS是基础网络组件,通常安装在域控制器上,因此,本次DNS Server远程代码执行漏洞(CVE-2020-1350),可能导致严重的服务中断或获取高级域帐户。该漏洞源于Microsoft DNS服务器角色实现中的缺陷引起的,不是协议级缺陷,故不会影响任何其他非Microsoft DNS服务器或Windows DNS客户端。 未经身份验证的攻击者可以通过给Windows DNS服务器发送恶意请求来利用此漏洞,成功利用此漏洞的攻击者,能够以本地系统账户的身份执行任意代码。 CVSS评分10,官方将此漏洞归类为可蠕虫攻击漏洞,可能通过恶意软件在易受攻击的计算机之间传播,无需用户干预。 CVE编号.



Source link

You must be logged in to post a comment.

RELATED STORIES
Category Applications

Path traversal in zenn-cli package for npm

November 23, 2020
This security advisory describes one medium risk vulnerability. 1) Path traversal Risk: Medium CVSSv3: 5.7...
Read More
Category Applications

Oracle WebLogic Server Administration Console Handle Remote Code Execution

November 22, 2020
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule...
Read More
Category Applications

CVE-2020-28333 Barco wePresent Authentication Bypass – CXSecurity.com-漏洞情报、漏洞详情、安全漏洞、CVE

November 21, 2020
KL-001-2020-006 : Barco wePresent Authentication Bypass Title: Barco wePresent Authentication Bypass Advisory ID: KL-001-2020-006 Publication...
Read More
Category Applications

HomePod has been jailbroken with checkra1n

November 20, 2020
The Apple HomePod has finally been jailbroken with checkra1n jailbreak. Here’s all you need to...
Read More
Category Applications

OS Command Injection in Cisco Secure Web Appliance

November 19, 2020
This security advisory describes one low risk vulnerability. 1) OS Command Injection Risk: Low CVSSv3:...
Read More
Category Applications

CVE-2020-28915 – Alert Detail – Security Database

November 18, 2020
Executive Summary This vulnerability is currently undergoing analysis and not all information is available. Please...
Read More
Category Applications

LCD_Service 1.0.1.0 – ‘LCD_Service’ Unquote Service Path

November 17, 2020
# Exploit Title: Huawei LCD_Service 1.0.1.0 - 'LCD_Service' Unquote Service Path # Date: 2020-11-07 #...
Read More
Category Applications

Vulnerability Node Core via CR-to-Hyphen HTTP Request Smuggling

November 16, 2020
The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a...
Read More
Category Applications

Fuel CMS 1.4 – Remote Code Execution

November 15, 2020
#!/usr/bin/env ruby # Title: Fuel CMS 1.4 – Remote Code Execution # Exploit Author:...
Read More
Category Applications

深入分析Apache Tomcat中的WebSocket漏洞 – 嘶吼 RoarTalk – 回归最本质的信息安全,互联网安全新媒体,4hou.com

November 14, 2020
在本文中,我们将与读者一起深入分析Apache Tomcat中的WebSocket漏洞。 概述 Apache Tomcat是一种Java应用程序服务器,常用于Web应用程序,我们在渗透测试中经常会遇到它。 在这篇文章中,我们将深入分析Apache Tomcat服务器中近期曝出的一个漏洞及其利用方法,以帮助该软件的用户评估其面临的业务风险。该漏洞是与WebSockets一起出现的拒绝服务漏洞,并且已分配了漏洞编号CVE-2020-13935。 在渗透测试期间,我们经常会碰到用户运行过时版本的Apache Tomcat的情况。如果一个给定的版本包含漏洞,并且供应商(或维护者)已经发布了相应的安全更新,我们就会将该版本的软件归类为“过时的”。然而,有些漏洞只有在特定情况下才能被利用,而升级Web应用服务器的代价通常会比较高昂。因此,用户必须掌握简单明了的信息,才能对该漏洞是否影响特定产品以及是否值得升级做出明智的决定。不幸的是,并不是所有的供应商/维护者在安全方面都会提供简单明了的信息。 Apache Tomcat 9.0.37的版本说明显示,已于2020年7月发现并修复了一个漏洞,相关内容如下所示: WebSocket框架中的有效载荷的长度未能进行正确验证,而无效的有效载荷长度可能会触发无限循环,最终,过多的有效载荷长度无效的请求可能导致拒绝服务。 实际上,由于这些信息含糊不清,导致以下疑惑: · 无效的有效载荷长度由哪些部分构成?...
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact