dos


Another TKEY record-related bug in BIND has been fixed with a patch from the Internet Systems Consortium (ISC) that was released just after the New Year. This bug may take down BIND recursive servers by sending a simple query response with a TKEY record, thereby causing a denial of service (DoS). This potential DoS vulnerability is caused by an assertion failure in Resolver.c when caching the DNS response with a TKEY record. In this post we will analyze the BIND source code and expose the root cause of this vulnerability. The TKEY record...
by Dehui Yin  |  Jan 18, 2017  |  Filed in: Security Research
A defect in BIND's handling of a DNAME answer was fixed in a critical update from the Internet Systems Consortium (ISC) several days ago. This defect affects all BIND recursive servers, and can be exploited to remotely take down recursive servers by sending a simple DNAME answer, thereby causing a denial of service (DoS). This potential DoS vulnerability is caused by an assertion failure in Resolver.c or Db.c when caching the DNS response with a DNAME record. In this post we will examine the underlying code and expose the root cause of this...
by Dehui Yin  |  Nov 08, 2016  |  Filed in: Security Research
In this second-part article, we analyze two recent vulnerabilities in ISC BIND identified as CVE-2016-1286 and CVE-2016-2088. Based on advisories, these bugs can be triggered using a malformed DNAME record (CVE-2016-1286) or an OPT COOKIE record (CVE-2016-2088). These two bugs share the same attack scenario, which can only be triggered when a BIND server makes a request and then receives a malformed response. Based on this requirement, recursive servers are at highest risk from this attack, because it’s not straightforward to ask an authoritative-only...
by Amir Zali  |  Apr 01, 2016  |  Filed in: Security Research
The Internet Systems Consortium released a new patch (version 9.10.3-P4) a couple of days ago to fix some issues in the most popular DNS server software in the world. The release note is available at https://kb.isc.org/article/AA-01363/81/BIND-9.10.3-P4-Release-Notes.html. In this series of two articles, we will detail our investigation of these vulnerabilities and how we were able to protect our customers by widely deploying our detection. ISC released a patch for the BIND rndc control channel DoS vulnerability (CVE-2016-1285)....
by Dehui Yin  |  Mar 29, 2016  |  Filed in: Security Research
Overview: Oracle VirtualBox is a powerful, freely available Type 2 hypervisor that runs on Windows, Mac, Linux, and Solaris operating systems. It is used in both enterprise and prosumer settings. Although it doesn’t enjoy the enterprise market share of VMware and Microsoft Hyper-V, its free availability and flexibility make it a popular choice for test and development environments. Researchers at FortiGuard Labs have discovered a remote denial of service (DoS) vulnerability (CVE-2015-4896) in the VirtualBox Remote Display...
by Peixue Li  |  Oct 30, 2015  |  Filed in: Industry Trends
Last week, FortiGuard Labs announced a remote denial of service vulnerability in the Teradata Gateway and Teradata Express. Teradata is a leading provider of big data solutions including business intelligence, data warehousing, CRM, and more. Many high-profile global enterprises use Teradata, and the vulnerability could be used for corporate espionage or to draw attention away from other malicious actions such as exfiltrating data and compromising other systems. Because this vulnerability does not require an attacker to be authenticated, it...
by Anthony Giandomenico  |  Jul 23, 2015  |  Filed in: Security Research
In this entry of the layered security series, we look at layer 3, the network layer. The network layer: Network layer security focuses on external threats that are able to bypass the firewall layer. Your FortiGate has two main features that deal with these threats: the Intrusion Prevention System (IPS) and Denial of Service (DoS) protection. What are IPS and DoS protection? IPS protects your network by actively seeking and blocking external threats before they can reach your network devices. These attacks are able to bypass the firewall because...
by Victoria Martin  |  Nov 22, 2014  |  Filed in: Security Q & A
The recent widespread DoS attacks directed at a number of sites in the wake of _l’affaire Assange_ have prompted several of our customers to ask how Fortinet can help them reduce the effects of a DoS attack. The news has been full of examples of how participants in the so-called “Operation Payback” were able to affect operations for some financial services companies and payment processors in the wake of the Wikileaks document drops. Although it is difficult to prevent a widespread DoS or DDoS attack from affecting your network operations,...
by Patrick Bedwell  |  Dec 17, 2010  |  Filed in: Security Research