** Information type changed from Private Security to Public Security
** Changed in: dnsmasq (Ubuntu)
Status: New => Confirmed
** Changed in: systemd (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1782225
Title:
Cache poisoning vulnerability on the OS level DNS cache in Ubuntu
Status in dnsmasq package in Ubuntu:
Confirmed
Status in systemd package in Ubuntu:
Confirmed
Bug description:
We would like to report a cache poisoning vulnerability on the OS
level DNS cache in Ubuntu. This vulnerability allows an off-path
attacker to impersonate the DNS resolver and poisons the OS-wide DNS
cache directly or through a port-preserving NAT. We have a paper
describing the problem, please see the attachment.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1782225/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
