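mDNS vulnerability report: the biggest problem with mDNS is that it allows unicast mDNS queries from the WAN, which exposes device information or can be abused for DNS amplification attacks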
Vulnerability Note VU#550620
Multicast DNS (mDNS) implementations may respond to unicast queries originating outside the local link
Overview
Multicast DNS implementations may respond to unicast queries that originate from sources outside of the local link network. Such responses may disclose information about network devices or be used in denial-of-service (DoS) amplification attacks.
Description
Multicast DNS (mDNS) is a way for devices on a local link network to automatically discover other services and devices. In some implementations of mDNS, the mDNS server replies to unicast queries from outside the link local network (e.g., the WAN). This mDNS response may result in information disclosure of devices on the network. Furthermore, the information returned in the response is greater in size than the query and may be used for denial-of-service (DoS) amplification. RFC 6762 Section 5.5 states the following:
Impact
An mDNS response to a unicast query originating outside of the local link network may result in information disclosure, such as disclosing the device type/model that responds to the request or the operating system running such software. The mDNS response may also be used to amplify denial of service attacks against other networks.
Solution
Block inbound and outbound mDNS on the WAN
Disable mDNS services
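To check whether the WAN block is effective, the following added example (not part of the original advisory) applies a local-link source test to flow records and reports off-link mDNS queries, replies that leave the link, and the reply/query byte ratio. The prefixes, addresses and byte counts are constructed sample data, and `on_link` and `audit` are hypothetical helper names.

```python
import ipaddress

MDNS_PORT = 5353

# Constructed sample values: prefixes that count as the local link.
LOCAL_LINKS = [ipaddress.ip_network("192.168.1.0/24"),
               ipaddress.ip_network("fe80::/64")]

# Constructed flow records: (src, sport, dst, dport, UDP payload bytes).
FLOWS = [
    ("192.168.1.20", 5353, "224.0.0.251", 5353, 45),   # on-link multicast query
    ("fe80::1", 5353, "ff02::fb", 5353, 45),           # on-link IPv6 multicast query
    ("192.168.1.20", 49152, "192.168.1.7", 5353, 45),  # on-link unicast query
    ("203.0.113.9", 40000, "192.168.1.7", 5353, 46),   # unicast query from off-link
    ("192.168.1.7", 5353, "203.0.113.9", 40000, 322),  # reply leaving the link
]

def on_link(addr, links=LOCAL_LINKS):
    """True if addr falls inside one of the local-link prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in links)

def audit(flows):
    """Flag off-link mDNS queries and mDNS replies that leave the link.

    Returns (queries, replies, ratio): ratio is reply bytes sent off-link
    divided by query bytes received from off-link, or None without queries.
    """
    queries, replies = [], []
    for src, sport, dst, dport, size in flows:
        if dport == MDNS_PORT and not on_link(src):
            queries.append((src, dst, size))
        elif sport == MDNS_PORT and on_link(src):
            target = ipaddress.ip_address(dst)
            if not target.is_multicast and not on_link(dst):
                replies.append((src, dst, size))
    q_bytes = sum(size for _, _, size in queries)
    r_bytes = sum(size for _, _, size in replies)
    return queries, replies, (r_bytes / q_bytes if q_bytes else None)

if __name__ == "__main__":
    queries, replies, ratio = audit(FLOWS)
    print("off-link queries:", queries)
    print("replies leaving the link:", replies)
    print("reply/query byte ratio:", ratio)
```

Any entry in either list means UDP port 5353 is crossing the link boundary and the filter on that path needs attention.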
Vendor Information
Despite attempts to analyze scan results, it is not entirely clear exactly which software responds to mDNS queries. Vendors have been alerted, but currently only a small number of devices have been confirmed to respond to unicast queries from the WAN. In Linux, the Avahi software is also known to allow unicast queries.
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Avahi mDNS | Affected | - | 31 Mar 2015 |
Canon | Affected | 10 Feb 2015 | 08 Apr 2015 |
Hewlett-Packard Company | Affected | 10 Feb 2015 | 20 Mar 2015 |
IBM Corporation | Affected | 10 Feb 2015 | 31 Mar 2015 |
Synology | Affected | 10 Feb 2015 | 31 Mar 2015 |
Cisco Systems, Inc. | Not Affected | 10 Feb 2015 | 31 Mar 2015 |
Citrix | Not Affected | 10 Feb 2015 | 25 Mar 2015 |
D-Link Systems, Inc. | Not Affected | 10 Feb 2015 | 20 Mar 2015 |
F5 Networks, Inc. | Not Affected | 10 Feb 2015 | 31 Mar 2015 |
Microsoft Corporation | Not Affected | 10 Feb 2015 | 09 Mar 2015 |
Ricoh Company Ltd. | Not Affected | 10 Feb 2015 | 15 May 2015 |
Apple | Unknown | 10 Feb 2015 | 10 Feb 2015 |
CentOS | Unknown | 10 Feb 2015 | 10 Feb 2015 |
Debian GNU/Linux | Unknown | 10 Feb 2015 | 10 Feb 2015 |
Dell Computer Corporation, Inc. | Unknown | 10 Feb 2015 | 10 Feb 2015 |
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 6.4 | AV:N/AC:L/Au:N/C:P/I:N/A:P |
Temporal | 5.2 | E:POC/RL:W/RC:UR |
Environmental | 3.9 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |