Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

DNS Poisoning via Port Exhaustion

From: Roee Hay <roeeh () il ibm com>
Date: Tue, 18 Oct 2011 23:14:56 +0200
Hey,

Today we are releasing a very interesting whitepaper which describes a DNS
poisoning attack against stub resolvers.

It discloses two vulnerabilities:

1. A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) which enables remote
  DNS poisoning using Java applets. This vulnerability can be triggered when
  opening a malicious webpage. A successful exploitation of this vulnerability
  may lead to disclosure and manipulation of cookies and web pages, disclosure
  of NTLM credentials and clipboard data of the logged-on user, and even
  firewall bypass.

2. A vulnerability in multiuser Windows environments which enables local DNS
  cache poisoning of arbitrary domains. This vulnerability can be triggered
  by a normal user (i.e. one with non-administrative rights) in order to
  attack other users of the system. A successful exploitation of this
  vulnerability may lead to information disclosure, privilege escalation,
  universal XSS and more.

 Whitepaper: http://bit.ly/q31wSq
 A blog post with video demos: http://bit.ly/qu4Ez7


Roee Hay <roeeh () il ibm com>, IBM Rational Application Security Research Group
Yair Amit <yairam () gmail com>
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: