<< Leute wie Aaron erhalten mehr Spam als Zorro | Home | Wie kann man aus einer Solaris10 Zone ausbrechen? >>

About

Welcome to Ivan Buetler's Blog!

RSS | Atom | E-mail

Navigate

Categories | Tags | Advanced Search

Tags

Recent Blog Entries

Compass Event 2010 - Countdown
Hi all, Have you ever organized a Sec Conference? Since 11 years, I try to fix everything for the event some days in advance. But look at the time of this post - some hours only in advance and everything seems to be prepared for the annual Compass Event ...
Compass Security Artikel in NZZ
In der Online- und Print Ausgabe der NZZ vom 7. September 2010 wird die Compass Security als Ethical Hacking und Penetration Testing Company erklärt. Frau Yoker hat uns während rund 2 Stunden besucht und diverse Fragen rund um das Thema IT ...
Nicolas Seriot (BH Speaker) at Compass Event 2010
Apple's AppStore moves the burden of security management from the user to the vendor by semi automatically verifying each of the 200 000 applications and their updates. Moreover, when an application is downloaded on the iPhone, a sandboxing ...
Covert Channel Attack - SANS Reading
APT (advanced persistent threat) and other cyber crime communities are using the so-called INSIDE-OUT or COVERT CHANNEL attack vector for their investigations. It is the most promising approach for getting long-term access into every company world-wide. ...
New Hacking-Lab LiveCD 4.3 available
Dear Blog reader, We are proud to release the next version of our Hacking-Lab LiveCD. The Ubuntu based LiveCD comes as VirtualBox appliance or simple ISO image and implements a standardized client for Hacking-Lab Remote, our remote security lab. ...
Compass Event 2010
Hallo, Gerne möchten wir Sie auf den kommenden Compass Event 2010 vom 9.September 2010 aufmerksam machen. Wir haben interessante Themen für Sie vorbereitet mit verschiedenen Schwerpunkten zu folgenden Security Themen: * iPhone Hacking ...
Facebook Username Enumeration - 150 MB File
Es gibt bei Web Anwendungen das Security Problem "Username Enumeration". Oftmals wird das Problem etwas belächelt, weil die Identifikation von gültigen Username nicht so tragisch dargestellt wird. Doch wie verhält es sich bei ...
Malware Analysis durch Visuelle Effekte
Die Analyse von Malware ist traditionell in die statische und dynamische Untersuchung unterteilt. Bei der statischen Analyse versucht man den Inhalt der ausführbaren Datei ohne eine Ausführung zu beurteilen. Bei der dynamischen Analyse ...
Pre-Announcement - Swiss Cyber Storm 3
Dear Blog Reader, Back from holiday, I am proud to inform about the progress of Swiss Cyber Storm 3, the leading edge Swiss Security Conference in May 2011! For the third time and past success we have been having, the next Swiss Cyber Storm 3 Conference ...
OWASP Guide Online
Ever wanted to know how to defeat web hacking attacks - what to do with the identified OWASP TOP 10 vulnerabilities? I really much appreciate the OWASP TOP 10 papers, but when it comes to mitigation and remediation, everything is deeply hidden somewhere. ...

Dan Kaminsky DNS Problem -> Citrix auch betroffen

Das von Dan Kaminsky identifizierte DNS Problem macht nun die zweite Runde, indem jeder DNS Query Dienst analysiert wird. Citrix Access Gateway ist so ein Dienst, der die Source DNS Ports nicht randomisiert.

=============== INFO =============
Citrix has acknowledged a vulnerability in Access Gateway, which can be exploited by malicious people to poison the DNS cache.

The vulnerability is caused due to Access Gateway not sufficiently randomising the DNS query port number, which can be exploited to poison the DNS cache.

The vulnerability is reported in all versions of the Access Gateway Standard and Advanced Edition appliance firmware up to and including v 4.5.7 Rev A.

http://secunia.com/advisories/31594/

Add a comment is disabled

Posted by Ivan Buetler on September 3, 2008 10:32:00 AM CEST #

Add a comment is disabled Send a TrackBack

September 2008
Sun	Mon	Tue	Wed	Thu	Fri	Sat
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30
Aug \| Today \| Oct

Re: Dan Kaminsky DNS Problem -> Citrix auch betroffen Comment from Anonymous on September 11, 2010 3:02:50 AM CEST #
Title
Body	HTML : b, strong, i, em, blockquote, br, p, pre, a href="", ul, ol, li, sub, sup
Name
E-mail address
Website
Remember me	Yes No
E-mail addresses are not publicly displayed, so please only leave your e-mail address if you would like to be notified when new comments are added to this blog entry (you can opt-out later).

2010 September (2) August (7) July (1) June (3) May (5) April (5) March (4) February (4) January (6)	2009 December (5) November (7) October (7) September (10) August (7) July (3) June (7) May (9) April (6) March (7) February (6) January (8)
2008 December (3) November (8) October (24) September (10) August (6) July (4) June (20) May (18) April (16)

Dan Kaminsky DNS Problem -> Citrix auch betroffen

Re: Dan Kaminsky DNS Problem -> Citrix auch betroffen