CVE-2006-5215 |
|
|
Oct 10, 2006 |
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.
|
9.3, 9.2, 9.1, 8.2, 9.0, 8.1, 8.0, 7.1.2, 7.1.1, 7.1
|
BDSA-2024-0359 |
|
Medium |
Feb 16, 2024 |
Implementations of DNSSEC, the Security Extensions of DNS, can be impacted by design features of the specification that could allow for the excessive consumption of CPU resources on a DNSSEC-validating resolver when using NSEC3.
Affected implementations can spend valuable CPU cycles on SHA1 hashing when an attacker is able to select or create a DNSSEC-signed zone whose NSEC3 parameters exceed recommended best practices by using extra iterations, and then launches a random subdomain attack against the zone.
Where an attacker is able to force a target to carry out this work, performance can be heavily impacted, resulting in availability issues for other clients.
|
|
BDSA-2024-0337 |
|
Medium |
Feb 15, 2024 |
Implementations of DNSSEC, the Security Extensions of DNS, can be impacted by design features of the specification that could allow for the excessive consumption of CPU resources on a DNSSEC-validating resolver.
The DNSSEC specification dictates that implementations evaluate all combinations of `DNSKEY` and `RRSIG` records in order to find matches. While this is standard, various implementations of the specification do not enforce any limit on the amount of work done to carry out this process. As a result, implementations can be susceptible to denial-of-service (DoS) problems if an attacker is able to craft a DNS zone with a large number of `DNSKEY` and `RRSIG` records.
Where an attacker is able to force a target to carry out this work, performance can be heavily impacted, resulting in availability issues for other clients.
|
|