| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 6 Dec 2019 10:07:24 +0300 From: Alphan YAVAS <alphan.yv@...il.com> To: fulldisclosure@...lists.org, bugtraq@...urityfocus.com Subject: External Service Interaction (DNS) on Skype for Business I. VULNERABILITY ------------------------- Microsoft Skype for Business External Service Interaction (DNS) Latest Version II. CVE REFERENCE ------------------------- Not Assigned Yet III. VENDOR ------------------------- https://www.microsoft.com IV. TIMELINE ------------------------- 28/11/2019 Vulnerability discovered 03/12/2019 Vendor contacted 04/12/2019 Microsoft replay that “We determined that this behavior is considered to be by design.” V. CREDIT ------------------------- Alphan Yavas from Biznet Bilisim A.S. VI. DESCRIPTION ------------------------- Microsoft Skype for Business latest versions affected from external service interaction(DNS) vulnerability. A remote attacker could force the vulnerable server to send DNS request to any remote server attacker wants. VII. PROOF OF CONCEPT ------------------------- Affected Component: Path(inurl): /Dialin/Conference.aspx Parameter: Username Login page of Skype for Business affected from external service interaction (DNS) vulnerability. If username is being sent with following format victim server will send out DNS queries to xxx domain. (xxx is the domain which you want to send request from server) username: ssrf.xxx.com\pentest password: (doesn't matter) Reference: https://portswigger.net/kb/issues/00300200_external-service-interaction-dns
Powered by blists - more mailing lists