[Bug 1819261] freeipa: Exposure of DNS via system network configuration discovery

Author:



In FreeIPA, alpha-1-9-0 to rc_1-2-1-90 there is a public exposure of DNS records to anyone who has access to the LDAP server (System Network Configuration Discovery which later can serve an attacker for lateral movement). Upstream patch:

Thank you for the report. This looks like a potential vulnerability.



Source link

You must be logged in to post a comment.

RELATED STORIES
Category Applications

Remote code execution in Fuji Electric V-Server Lite

November 25, 2020
This security advisory describes one high risk vulnerability. 1) Out-of-bounds write Risk: High CVSSv3: 7.7...
Read More
Category VulnerabilitiesNetwork

CVE-2020-28991 Gitea 安全漏洞 -漏洞情报、漏洞详情、安全漏洞、CVE – 安全客,安全资讯平台

November 25, 2020
|漏洞详情 Gitea是Gitea社区的一个基于Go开发的轻量型git服务。 Gitea 0.9.99版本至1.12.x系列1.12.6之前版本存在安全漏洞,该漏洞源于不会阻止git协议路径指定TCP端口号,并且在parseRemoteAddr中的modules/auth/repo_form.go中也包含换行符(具有URL编码)。 |参考资料 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-28991 Source link Is your business effected by Cyber...
Read More
Category Applications

Sutro Biopharma to Host a Virtual KOL Event to Provide Clinical Update on Antibody-Drug Conjugate STRO-002 in Ovarian Cancer

November 24, 2020
SOUTH SAN FRANCISCO, Calif., Nov. 24, 2020 /PRNewswire/ — Sutro Biopharma, Inc. (NASDAQ: STRO), a clinical-stage...
Read More
Category VulnerabilitiesNetwork

CVE-2020-28360 Frenchbread Private-ip 输入验证错误漏洞 -漏洞情报、漏洞详情、安全漏洞、CVE

November 24, 2020
|漏洞详情 Frenchbread Private-ip是Frenchbread个人开发者的一个用于检查Ip是否为私有的Js代码库。 Frenchbread Private-ip package v1.0.5之前版本存在安全漏洞,该漏洞源于正则表达式不足,无法充分过滤保留的IP范围,导致SSRF不确定。攻击者可利用该漏洞可以对ARIN保留的IP范围执行大量请求,导致无法确定关键攻击向量的数量,从而允许远程攻击者可利用该漏洞通过各种SSRF技术请求服务器端资源或潜在地执行任意代码。 |参考资料 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-28360 Source link Is your business...
Read More
Category Applications

Path traversal in zenn-cli package for npm

November 23, 2020
This security advisory describes one medium risk vulnerability. 1) Path traversal Risk: Medium CVSSv3: 5.7...
Read More
Category VulnerabilitiesNetwork

VMware fixed SD-WAN flaws that could allow hackers to target enterprisesSecurity Affairs

November 23, 2020
VMware addressed six vulnerabilities in its SD-WAN Orchestrator product that can potentially expose enterprise networks...
Read More
Category Applications

Oracle WebLogic Server Administration Console Handle Remote Code Execution

November 22, 2020
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule...
Read More
Category VulnerabilitiesNetwork

Cybersecurity during the pandemic | BusinessWorld

November 22, 2020
(Second of two parts) In last week’s article, we highlighted the challenges of cybersecurity in...
Read More
Category Applications

CVE-2020-28333 Barco wePresent Authentication Bypass – CXSecurity.com-漏洞情报、漏洞详情、安全漏洞、CVE

November 21, 2020
KL-001-2020-006 : Barco wePresent Authentication Bypass Title: Barco wePresent Authentication Bypass Advisory ID: KL-001-2020-006 Publication...
Read More
Category VulnerabilitiesNetwork

CVE-2020-28331 Barco wePresent Undocumented SSH Interface – CXSecurity.com-漏洞情报、漏洞详情、安全漏洞、CVE

November 21, 2020
KL-001-2020-007 : Barco wePresent Undocumented SSH Interface Accessible Via Web UI Title: Barco wePresent Undocumented...
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact