dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries, which allows attackers (able to send queries to the resolver) to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker.
References
Link | Resource |
---|---|
https://sourceforge.net/projects/dproxy/ | Product Third Party Advisory |
https://www.openwall.com/lists/oss-security/2022/08/14/3 | Exploit Mailing List Third Party Advisory |
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-08-15T12:09:50
Updated: 2022-08-15T12:09:50
Reserved: 2022-06-18T00:00:00
Link: CVE-2022-33988
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-15T13:15:17.807
Modified: 2022-08-17T21:05:17.970
Link: CVE-2022-33988
JSON object: View
Redhat Information
No data.
CWE