Date: Tue, 18 Oct 2011 22:39:25 +0200
From: Roee Hay <>
To: bugtraq <>,,
Subject: DNS Poisoning via Port Exhaustion


Today we are releasing a very interesting whitepaper which describes a DNS
poisoning attack against stub resolvers.

It discloses two vulnerabilities:

1. A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) which enables remote
   DNS poisoning using Java applets. This vulnerability can be triggered when
   opening a malicious webpage. A successful exploitation of this vulnerability
   may lead to disclosure and manipulation of cookies and web pages, disclosure
   of NTLM credentials and clipboard data of the logged-on user, and even
   firewall bypass.

2. A vulnerability in multiuser Windows environments which enables local DNS
   cache poisoning of arbitrary domains. This vulnerability can be triggered
   by a normal user (i.e. one with non-administrative rights) in order to
   attack other users of the system. A successful exploitation of this
   vulnerability may lead to information disclosure, privilege escalation,
   universal XSS and more.

A blog post with video demos:

Roee Hay <>, IBM Rational Application Security Research Group
Yair Amit <>
