Securityvulns SECURITYVULNS:DOC:27184
Oct 24, 2011 - 12:00 a.m.

DNS Poisoning via Port Exhaustion

Hey,

Today we are releasing a very interesting whitepaper which describes a DNS
poisoning attack against stub resolvers.

It discloses two vulnerabilities:

  1. A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) which enables remote
    DNS poisoning using Java applets. This vulnerability can be triggered when
    opening a malicious webpage. A successful exploitation of this vulnerability
    may lead to disclosure and manipulation of cookies and web pages, disclosure
    of NTLM credentials and clipboard data of the logged-on user, and even
    firewall bypass.

  2. A vulnerability in multiuser Windows environments which enables local DNS
    cache poisoning of arbitrary domains. This vulnerability can be triggered
    by a normal user (i.e. one with non-administrative rights) in order to
    attack other users of the system. A successful exploitation of this
    vulnerability may lead to information disclosure, privilege escalation,
    universal XSS and more.

Whitepaper: http://bit.ly/q31wSq
A blog post with video demos: http://bit.ly/qu4Ez7

Roee Hay <[email protected]>, IBM Rational Application Security Research Group
Yair Amit <[email protected]>
