ICT & Cyber Security

[Bug 1819261] freeipa: Exposure of DNS via system network configuration discovery

Author:



In FreeIPA, alpha-1-9-0 to rc_1-2-1-90 there is a public exposure of DNS records to anyone who has access to the LDAP server (System Network Configuration Discovery which later can serve an attacker for lateral movement). Upstream patch:

Thank you for the report. This looks like a potential vulnerability.



Source link

You must be logged in to post a comment.

RELATED STORIES
vamtam-theme-circle-post
Category Microsoft VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesMicrosoft VulnerabilitiesMozilla

Windows 10 20H2: Installation und neue Funktionen im Überblick

September 23, 2020
Microsoft hat Windows 20H2 so gut wie fertiggestellt. Wer sich als Insider im Release Preview-Kanal...
Tags , , , , , , ,
Read More
vamtam-theme-circle-post
Category CERT-LatestNews Linux ThreatsEconomic VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesLinux VulnerabilitiesOS

SUSE: 2020:2728-1 moderate: cifs-utils>

September 23, 2020
An update that fixes one vulnerability is now available. SUSE Security Update: Security update for...
Tags , , , , , , ,
Read More
vamtam-theme-circle-post
Category CERT-LatestNews Cybersecurity-Covid-19 Microsoft ThreatsCybercrime ThreatsEconomic VulnerabilitiesAll VulnerabilitiesMicrosoft VulnerabilitiesNetwork

Microsoft’s Azure Defender for IoT Uses CyberX Tech

September 23, 2020
Azure Defender for IoT is built to help IT and OT teams discover IoT and...
Tags , , , , , ,
Read More
vamtam-theme-circle-post
Category CERT-LatestNews Microsoft ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesCrypto VulnerabilitiesLinux VulnerabilitiesMicrosoft VulnerabilitiesNetwork VulnerabilitiesOS

Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability

September 23, 2020
If you’re administrating Windows Server, make sure it’s up to date with all recent patches...
Tags , , , , , , , , , , , , , , , , , , , , , , ,
Read More
vamtam-theme-circle-post
Category CERT-LatestNews Microsoft VulnerabilitiesAll VulnerabilitiesMicrosoft

Servidores Citrix son hackeados a través de un nuevo método; hackers explotan antigua falla CVE-2020-8207

September 23, 2020
Se ha revelado la existencia de una vulnerabilidad en Citrix Workspace cuya explotación permitiría a...
Tags , , , , , , , , , , , ,
Read More
Category CERT-LatestNews Cybersecurity-Covid-19 Microsoft ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesCisco VulnerabilitiesMicrosoft VulnerabilitiesNetwork

eBay Execs to Plead Guilty to Cyber-Stalking – Security news

September 23, 2020
eBay Execs to Plead Guilty to Cyber-Stalking Four former eBay executives accused of cyber-stalking and...
Tags , , , , , , ,
Read More
vamtam-theme-circle-post
Category CERT-LatestNews KasperskyNews Microsoft ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesDBMS VulnerabilitiesMicrosoft VulnerabilitiesNetwork

Citrix servers are hacked via a new method; hackers exploit old CVE-2020-8207 flaw

September 23, 2020
A critical vulnerability has been revealed in Citrix Workspace whose exploit would allow threat actors...
Tags , , , , , , , ,
Read More
vamtam-theme-circle-post
Category CERT-LatestNews Cybersecurity-Covid-19 Malware Microsoft ThreatsCybercrime ThreatsEconomic ThreatsStrategic VulnerabilitiesAll VulnerabilitiesApple VulnerabilitiesApplications VulnerabilitiesCrypto VulnerabilitiesGoogle VulnerabilitiesMicrosoft VulnerabilitiesMozilla VulnerabilitiesNetwork VulnerabilitiesOS

CISA: LokiBot Stealer Storms Into a Resurgence

September 23, 2020
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that the LokiBot info-stealing trojan...
Tags , , , , , , , , , , , , , , , , , , , , ,
Read More
vamtam-theme-circle-post
Category Microsoft VulnerabilitiesAll VulnerabilitiesApple VulnerabilitiesHardware VulnerabilitiesLinux VulnerabilitiesMicrosoft VulnerabilitiesOS

Hackers jailbreak Apple’s T2 security chip powered by bridgeOS

September 23, 2020
The Apple T2 security chip has finally been jailbroken! Here’s all you need to know...
Tags , , , , , , ,
Read More
Category CERT-LatestNews Microsoft ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesDBMS VulnerabilitiesLinux VulnerabilitiesMicrosoft VulnerabilitiesOS

B-swiss 3 Digital Signage System 3.6.5 Remote Code Execution

September 23, 2020
[*] # Exploit Title: B-swiss 3 Digital Signage System 3.6.5 – Remote Code Execution #...
Tags , , , , , , ,
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact