[Bug 1839821] CVE-2020-12667 knot-resolver: Traffic amplification triggered by random subdomains in the NSDNAME in NS records

Author:



Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an “NXNSAttack” issue. This is triggered by random subdomains in the NSDNAME in NS records. References:

This CVE Bugzilla entry is for community support informational purposes….



Source link

Write a comment:
*

Your email address will not be published.

RELATED STORIES
vamtam-theme-circle-post
Category CERT-LatestNews Microsoft ThreatsEconomic VulnerabilitiesAll VulnerabilitiesMicrosoft VulnerabilitiesNetwork VulnerabilitiesOS

CISA ออกกฎบังคับหน่วยงานรัฐบาลกลางสหรัฐ อัปเตด Windows Server อุดช่องโหว่ Netlogon ภายในวันที่ 21 ก.ย. 2002

September 20, 2020
Cybersecurity and Infrastructure Security Agency หรือ CISA ได้ออกกฎบังคับเพื่อให้หน่วยงานรัฐบาลกลางสหรัฐต้องดำเนินการอัปเดตระบบอุดช่องโหว่ Netlogon บน Microsoft Windows Server โดยด่วน รวมถึงยังแนะนำให้หน่วยงานภาคเอกชนและอื่นๆ...
Tags , , , , , , , , ,
Read More
vamtam-theme-circle-post
Category Applications VulnerabilitiesAll VulnerabilitiesApplications

【安全通报】Citrix Systems 多款产品存在安全漏洞(CVE-2020-8245、CVE-2020-8246、CVE-2020-8247)|NOSEC安全讯息平台 – 白帽汇安全研究院

September 20, 2020
Citrix Systems是一家美国跨国软件公司,提供服务器,应用程序和桌面虚拟化,网络,软件即服务(SaaS)和云计算技术。Citrix产品据称已在全球超过40万个客户中使用。 2020年9月18日 Citrix宣布Citrix Systems 多款产品存在注入漏洞。 CVE-2020-8245:攻击者可利用该漏洞进行对SSL VPN网站门户进行攻击。 CVE-2020-8246:该漏洞源于网络系统或产品对系统资源(如内存、磁盘空间、文件等)的管理不当。 CVE-2020-8247:攻击者可利用该漏洞管理接口上的特权升级。 请相关用户及时进行补丁下载。 CVE 编号 CVE-2020-8245、CVE-2020-8246、CVE-2020-8247 影响范围...
Read More
vamtam-theme-circle-post
Category Linux VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesLinux VulnerabilitiesNetwork

Vulnerability RubyGem Sanitize via Relaxed Config

September 20, 2020
The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a...
Tags , , , , ,
Read More
Category Database Management Systems VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesDBMS VulnerabilitiesGoogle

MIQPM – SQL Injection vulnerability

September 20, 2020
**************************** #Exploit Title: MIQPM – SQL Injection vulnerability #Date: 2020-09-20 #Exploit Author: Mahdi Karimi #Vendor...
Tags , , , ,
Read More
vamtam-theme-circle-post
Category CERT-LatestNews Microsoft ThreatsCybercrime ThreatsEconomic ThreatsStrategic VulnerabilitiesAll VulnerabilitiesApple VulnerabilitiesApplications VulnerabilitiesDBMS VulnerabilitiesGoogle VulnerabilitiesHardware VulnerabilitiesMicrosoft VulnerabilitiesOS

Une femme décède à cause d’un ransomware et Bluetooth affaiblit des milliards d’appareils #veille (20 sept 2020)

September 20, 2020
Marc Barbezat 40 minutes ago Carnet de veille Voici le rapport de veille de la...
Tags , , , , , , , , , , , ,
Read More
vamtam-theme-circle-post
Category APTFilter CERT-LatestNews Malware Microsoft ThreatsCybercrime ThreatsEconomic ThreatsStrategic VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesGoogle VulnerabilitiesMicrosoft VulnerabilitiesMozilla VulnerabilitiesNetwork VulnerabilitiesOS

APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage

September 20, 2020
It’s one thing for APT groups to conduct cyber espionage to meet their own financial...
Tags , , , , , , , , , , , , , , , , , , , , , , , , ,
Read More
Category Hardware VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesHardware VulnerabilitiesNetwork

Security Bulletin: Vulnerability in ntp (CVE-2020-11868 and CVE-2020-13817).

September 20, 2020
Sep 19, 2020 8:00 pm EDT Categorized: Medium Severity Share this post: NTP...
Tags , , , , , ,
Read More
vamtam-theme-circle-post
Category Microsoft VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesDBMS VulnerabilitiesMicrosoft VulnerabilitiesOracle

Trump approves Oracle’s proposed deal with TikTok

September 20, 2020
“I have given the deal my blessing,” Trump told reporters Saturday. “If they get it...
Tags , , , , , ,
Read More
vamtam-theme-circle-post
Category Cryptography VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesCrypto

Fedora 31: cryptsetup 2020-5ed5af6275>

September 20, 2020
Update to cryptsetup 2.3.4. Security fix for CVE-2020-14382 ——————————————————————————– Fedora Update Notification FEDORA-2020-5ed5af6275 2020-09-19 22:44:26.739578...
Tags , , , , ,
Read More
Category Microsoft VulnerabilitiesAll VulnerabilitiesLinux VulnerabilitiesMicrosoft VulnerabilitiesOS

Кто займется развитием безопасности открытого ПО — обсуждаем новые проекты и их будущее

September 19, 2020
В августе Linux Foundation основали фонд OpenSSF. В него вошли — Core Infrastructure Initiative и...
Tags , , , , , , , , , , ,
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact