[Bug 1819261] freeipa: Exposure of DNS via system network configuration discovery

Author:



In FreeIPA, alpha-1-9-0 to rc_1-2-1-90 there is a public exposure of DNS records to anyone who has access to the LDAP server (System Network Configuration Discovery which later can serve an attacker for lateral movement). Upstream patch:

Thank you for the report. This looks like a potential vulnerability.



Source link

You must be logged in to post a comment.

RELATED STORIES
Category Applications

This Week In Security: Text Rendering On Windows, GNU Poke, And Bitsquatting

March 5, 2021
Project Zero just unrestricted the details on CVE-2021-24093, a potentially nasty vulnerability in Windows 10’s...
Read More
Category VulnerabilitiesNetwork

Clubhouse Media Group Announces The Formation Of Groundbreaking Creator Advisory Panel

March 5, 2021
LOS ANGELES, March 5, 2021 /PRNewswire/ — Clubhouse Media Group Inc. (OTCMKTS:CMGR) (“Clubhouse Media” or the...
Read More
Category Applications

Attacks Targeting Microsoft Exchange: Check Point customers remain protected

March 4, 2021
On March 2nd , 2021, Volexity reported the in-the-wild exploitation of the following Microsoft Exchange...
Read More
Category VulnerabilitiesNetwork

China and Russia’s Spying Sprees Will Take Years to Unpack

March 4, 2021
First it was Solarwinds, a reportedly Russian hacking campaign that stretches back almost a year,...
Read More
Category Applications

Multiple Severe Vulnerabilities in Microsoft Exchange Server

March 3, 2021
Summary. Multiple vulnerabilities have been discovered in Microsoft Exchange Server (on premises version), the most...
Read More
Category VulnerabilitiesNetwork

Google fixes second actively exploited Chrome zero-day bug this year

March 3, 2021
Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd,...
Read More
Category Applications

ASRC 2020 年郵件安全趨勢回顧 | iThome

March 2, 2021
2020年幾乎全年都受到Covid-19疫情影響。疫情的出現改變了全球數位工作模式,為了降低疫情對工作人力的衝擊,遠距工作或在家學習成了重要選項,很可能也將成為今後的常態。 遠距工作挑戰了傳統的資安部署觀念,遠端存取不再有「可信任的區塊或空間場域」,因此,所有服務的存取都需要驗證迫使了零信任的架構要提早被實現。遠距工作也推動了雲端應用的加速,雲端服務商算是疫情下少數的受惠者;但雲端服務設定不當造成資料大批洩漏的情況,算是容易被忽視的資安弱點。此外,不論是安全人員或是攻擊者,面對遠距工作直覺可聯想到的資安問題,就是 VPN 連線的安全性保護及 DDoS 攻擊或任何可能阻斷服務取得的手段,這類攻擊在 2020 年算是最容易被觀察到的事件了。 2020 年郵件安全有哪些明顯的趨勢?以下為ASRC 研究中心與中華數位科技的觀察摘要: 詐騙郵件 受到疫情的影響,在郵件安全方面防疫物資的詐騙經常出現。這些防疫物資的銷售廣告來自不明的公司與新註冊的域名,且出現的頻率與疫情的嚴重程度、防疫物資的匱乏程度有關係。2020 年的第一季與第二季較常看到此類詐騙;第四季後就相對少了許多。 除了與疫情有關的詐騙郵件外,還有內容以恫嚇收件人電腦遭到入侵與監控的比特幣詐騙郵件。詐騙的內容其實是杜撰的,但這樣的詐騙郵件內容依發送的地區與國別,融合了多國的在地化語言,以提高詐騙成功的機率。...
Read More
Category VulnerabilitiesNetwork

Version checken: “High Resistance”-Firewall GeNUGate barg kritische Lücke

March 2, 2021
Das Unternehmen SEC Consult hat eine kritische Sicherheitslücke in der Firewall GeNUGate der GeNUA mbH...
Read More
Category Applications

Red Hat Security Advisory 2021-0663-01 – KK Hack Labs

March 1, 2021
Red Hat Security Advisory 2021-0663-01 – Ansible is a simple model-driven configuration management, multi-node deployment,...
Read More
Category VulnerabilitiesNetwork

Genua GenuGate High Resistance Firewall Authentication Bypass

March 1, 2021
SEC Consult Vulnerability Lab Security Advisory < 20210301-0 > ======================================================================= title: Authentication bypass vulnerability product:...
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact