[Bug 1819261] freeipa: Exposure of DNS via system network configuration discovery

Author:



In FreeIPA, alpha-1-9-0 to rc_1-2-1-90 there is a public exposure of DNS records to anyone who has access to the LDAP server (System Network Configuration Discovery which later can serve an attacker for lateral movement). Upstream patch:

Thank you for the report. This looks like a potential vulnerability.



Source link

Write a comment:
*

Your email address will not be published.

RELATED STORIES
vamtam-theme-circle-post
Category VulnerabilitiesNetwork

Thousands of Exim Servers Vulnerable to Critical Flaw: Report

June 3, 2020
Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management RiskIQ...
Read More
vamtam-theme-circle-post
Category VulnerabilitiesNetwork

Thousands of Exim Servers Vulnerable to Critical Flaw: Report

June 3, 2020
Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management RiskIQ...
Read More
vamtam-theme-circle-post
Category Microsoft VulnerabilitiesAll VulnerabilitiesMicrosoft

Hamburg soll Modellstadt für Klimaschutz, Radfahrverkehr und 5G-Mobilfunk werden

June 3, 2020
Hamburg soll zur Modellstadt unter anderem für Klimaschutz, Radfahrverkehr, den 5G-Mobilfunk und Intelligente Verkehrs- und...
Tags , , , , , , , , , , , , , , ,
Read More
vamtam-theme-circle-post
Category Applications Malware VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesGoogle VulnerabilitiesMozilla VulnerabilitiesNetwork

Kurz informiert: Gaia-X, eGK, Firefox-/Tor-Browser, Trump

June 3, 2020
Französische und deutsche Firmen planen gemeinsame Organisation für Gaia-X Das von Deutschland und Frankreich vorangetriebene...
Tags , , , ,
Read More
vamtam-theme-circle-post
Category VulnerabilitiesNetwork

Why Dark Web Monitoring Is Essential

June 3, 2020
In the first part of our article, we learned what the dark web is, and...
Read More
vamtam-theme-circle-post
Category Linux VulnerabilitiesAll VulnerabilitiesApple VulnerabilitiesApplications VulnerabilitiesCrypto VulnerabilitiesGoogle VulnerabilitiesLinux VulnerabilitiesMozilla VulnerabilitiesNetwork VulnerabilitiesOS

Firefox fixes cryptographic data leakage in latest security update – Naked Security

June 3, 2020
We don’t know whether lockdown has anything to do with it, but how time flies!...
Tags , , , , , , , , , , , ,
Read More
Category VulnerabilitiesNetwork

NVD – CVE-2020-11075

June 3, 2020
CVE-2020-11075 Detail Current Description In Anchore Engine version...
Read More
vamtam-theme-circle-post
Category Applications CERT-LatestNews ThreatsCybercrime ThreatsStrategic VulnerabilitiesAll VulnerabilitiesApplications

Reno Resident Indicted For Possession, Receipt, And Distribution Of Thousands Of Images Of Child Pornography

June 3, 2020
RENO, Nev. – Brandon Eric Navarrete, 27, of Reno, was arraigned in federal court today...
Tags , , , , , , , , , , ,
Read More
Category Linux VulnerabilitiesAll VulnerabilitiesGoogle VulnerabilitiesLinux VulnerabilitiesOS

招聘 | 金山WPS诚聘渗透工程师

June 3, 2020
(简历请注明注明:金山+岗位昵称+姓名+工作年限) 公司简介. anquanke@360.cn 创立于1988年的金山办公软件是全球领先的办公软件和服务提供商,旗下著名产品包括WPS系列桌面办公软件、WPS移动办公软件和金山词霸等。目前全球范围内已经有超过4亿用户在Windows、Linux、Android、iOS等众多主流操作平台上,使用金山办公软件进行日常学习和工作。 工作地点. 广东省珠海市金山软件园 或 北京市海淀区小米科技园. 招聘详情 岗位职责: 1、负责公司产品的渗透测试和漏洞挖掘工作,根据安全风险提供安全建议和解决方案;…. Source link
Tags , , , , , , , , , , , , , , , , , , , , , ,
Read More
vamtam-theme-circle-post
Category Microsoft VulnerabilitiesAll VulnerabilitiesMicrosoft

Many Exchange Servers Are Still Vulnerable to Remote Exploit |

June 3, 2020
Many Exchange Servers Are Still Vulnerable to Remote Exploit | | IT Security News ...
Tags , , , , , ,
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact