Cache poisoning vulnerabilities found in 2 DNS resolving apps
At least one CVE could weaken defenses put in place following 2008 disclosure.
The vulnerabilities, tracked as CVE-2025-40778 and CVE-2025-40780, stem from a logic error and a weakness in generating pseudo-random numbers, respectively. They each carry a severity rating of 8.6. Separately, makers of the Domain Name System resolver software Unbound warned of similar vulnerabilities that were reported by the same researchers. The Unbound vulnerability carries a severity score of 5.6.
Revisiting Kaminsky’s cache poisoning attack
The vulnerabilities can be exploited to cause DNS resolvers located inside thousands of organizations to replace valid results for domain lookups with corrupted ones. The corrupted results would replace the IP addresses controlled by the domain name operator (for instance, 3.15.119.63 for arstechnica.com) with malicious ones controlled by the attacker. Patches for all three vulnerabilities became available on Wednesday.