2 vulnerabilities by totd_project
CVE-2022-34294 (GCVE-0-2022-34294)
Vulnerability from cvelistv5 – Published: 2022-08-15 11:53 – Updated: 2024-08-03 09:07
Summary
totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
mitre
References
4 references
| URL | Tags |
|---|---|
| https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner | x_refsource_MISC |
| https://github.com/fwdillema/totd | x_refsource_MISC |
| https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Kaminsky/BlackHat-Japan-08-Kaminsky-DNS08-BlackOps.pdf | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2022/08/14/2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fwdillema/totd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Kaminsky/BlackHat-Japan-08-Kaminsky-DNS08-BlackOps.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/08/14/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T11:53:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fwdillema/totd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Kaminsky/BlackHat-Japan-08-Kaminsky-DNS08-BlackOps.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2022/08/14/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner",
"refsource": "MISC",
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"name": "https://github.com/fwdillema/totd",
"refsource": "MISC",
"url": "https://github.com/fwdillema/totd"
},
{
"name": "https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Kaminsky/BlackHat-Japan-08-Kaminsky-DNS08-BlackOps.pdf",
"refsource": "MISC",
"url": "https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Kaminsky/BlackHat-Japan-08-Kaminsky-DNS08-BlackOps.pdf"
},
{
"name": "https://www.openwall.com/lists/oss-security/2022/08/14/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/08/14/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34294",
"datePublished": "2022-08-15T11:53:52.000Z",
"dateReserved": "2022-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:07:16.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34295 (GCVE-0-2022-34295)
Vulnerability from cvelistv5 – Published: 2022-06-22 14:46 – Updated: 2024-08-03 09:07
Summary
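totd before 1.5.3 does not properly randomize mesg IDs (the DNS message IDs), so a forged response is easier to match to a pending query. Note that 1.5.3 is itself affected by CVE-2022-34294 (fixed UDP source port in upstream queries), so upgrading to 1.5.3 alone does not restore full query entropy.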
Severity
No CVSS data available.
CWE
- n/a
Assigner
mitre
References
4 references
| URL | Tags |
|---|---|
| https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner | x_refsource_MISC |
| http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf | x_refsource_MISC |
| https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399 | x_refsource_MISC |
| https://github.com/fwdillema/totd/releases/tag/1.5.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:15.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fwdillema/totd/releases/tag/1.5.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "totd before 1.5.3 does not properly randomize mesg IDs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-22T14:46:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fwdillema/totd/releases/tag/1.5.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "totd before 1.5.3 does not properly randomize mesg IDs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner",
"refsource": "MISC",
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"name": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf",
"refsource": "MISC",
"url": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf"
},
{
"name": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399",
"refsource": "MISC",
"url": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399"
},
{
"name": "https://github.com/fwdillema/totd/releases/tag/1.5.3",
"refsource": "MISC",
"url": "https://github.com/fwdillema/totd/releases/tag/1.5.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34295",
"datePublished": "2022-06-22T14:46:35.000Z",
"dateReserved": "2022-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:07:15.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}