home.social

#cachepoisoning — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cachepoisoning, aggregated by home.social.

  1. #CachePoisoning #vulnerabilities found in 2 #DNS resolving apps

    The makers of #BIND , the Internet’s most widely used software for resolving domain names, are warning of two vulnerabilities that allow attackers to poison entire caches of results and send users to #malicious destinations that are indistinguishable from the real ones.
    #security

    arstechnica.com/security/2025/

  2. Critical DNS cache poisoning in dnsmasq.

    Sounds like the authors wanted to do coordinated disclosure but accidentally sent it to a public mailing list???

    lists.thekelleys.org.uk/piperm

    #dnsmasq #infosec #dns #cachepoisoning

  3. Well, it turns out we're not the only folks to find something in F5 this month:

    my.f5.com/manage/s/article/K00

    Sounds like someone else found a post-auth SQL Injection vuln. There's also some kind of cache poisoning issue that someone identified. More details on that at blog.malicious.group/from-akam.

    For the last issue the author was annoyed there was no bug bounty so they told F5 they were just gonna full disclosure. I suspect our bug was just bundled in with this release to get ahead of it.

    Part of me would have loved the idea of accidentally stumbling onto a legit 0-day in the wild, but at this point I'm going to assume that's not the case until I see it proven otherwise.

    #f5 #sqlinjection #cachepoisoning #vr #fulldisclosure

  4. Researchers find way to revive Kaminsky’s 2008 DNS cache poisoning attack - Enlarge (credit: Henrik 5000 / Getty Images)
    In 2008, researcher Dan Kaminsky revealed one of the... - arstechnica.com/?p=1722675 #domainnamesystem #cachepoisoning #dankaminsky #biz&it #tech #dns