Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

mercredi 20 mai 2020

DNS Protocol Vulnerability (CERT-EU Security Advisory 2020-027)

On 19th of May 2020 a new DNS protocol vulnerability was made public. It was discovered by researchers from Tel Aviv University and the Interdisciplinary Center in Israel. Disclosed vulnerability abuses DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker’s choice. Unlike traditional random subdomain attacks, in case of this attack , the queries are generated by resolver itself. The researchers called this attack the NXNSAttack. It appears that pretty much all vendors of DNS resolvers are affected.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 200

x

Événements SSI