Tagged: dns

VU#457759: glibc vulnerable to stack buffer overflow in DNS resolver 0

VU#457759: glibc vulnerable to stack buffer overflow in DNS resolver

Vulnerability Note VU#457759 glibc vulnerable to stack buffer overflow in DNS resolver Original Release date: 17 Feb 2016 | Last revised: 18 Feb 2016 Overview GNU glibc contains a buffer overflow vulnerability in the DNS resolver, which may allow a remote attacker to execute arbitrary code. Description CWE-121 : Stack-based Buffer Overflow – CVE-2015-7547 According to a Google security blog post : “The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.” According to glibc developers, the vulnerable code was initially added in May 2008 as part of the development for glibc 2.9.

DNS Reconnaissance using nmap, (Sun, Nov 8th) 0

DNS Reconnaissance using nmap, (Sun, Nov 8th)

In a penetration test (PenTest) a thorough reconnaissance is critical to the overall success of the project. DNS information for the target network is often very useful reconnaissance information. DNS information is publicly available information and enumerating it from DNS servers does not require any contact with the target and will not tip off the target company to any activities