Multiple vulnerabilities in drpoxy
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2022-33988 CVE-2022-33989 CVE-2022-33990 CVE-2022-33991 |
| CWE-ID | CWE-345 CWE-330 CWE-20 CWE-16 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
dproxy Server applications / DNS servers |
| Vendor | dproxy |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Insufficient verification of data authenticity
EUVDB-ID: #VU66536
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2022-33988
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DNS cache poisoning attacks.
The vulnerability exists due to dproxy re-uses the DNS transaction id (TXID) value from client queries. A remote attacker with ability to send requests to DNS resolver can conduct DNS cache-poisoning attacks.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsdproxy: 0.5
External linkshttp://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
http://www.openwall.com/lists/oss-security/2022/08/14/3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of insufficiently random values
EUVDB-ID: #VU66537
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2022-33989
CWE-ID:
CWE-330 - Use of Insufficiently Random Values
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DNS cache poisoning attacks.
The vulnerability exists due to dproxy uses a static UDP source port, which is selected randomly only at boot time, in upstream queries sent to DNS resolvers. A remote attacker can conduct DNS cache-poisoning attacks.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsdproxy: 0.5
External linkshttp://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
http://www.openwall.com/lists/oss-security/2022/08/14/3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU66538
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2022-33990
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DNS cache poisoning attacks.
The vulnerability exists due to insufficient validation of special domain name characters. A remote attacker can send specially crafted input to the application and perform DNS cache poisoning attacks.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsdproxy: 0.5
External linkshttp://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
http://www.usenix.org/conference/usenixsecurity21/presentation/jeitner
http://www.openwall.com/lists/oss-security/2022/08/14/3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Insecure configuration
EUVDB-ID: #VU66539
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2022-33991
CWE-ID:
CWE-16 - Configuration
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to dproxy forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1, which in turn disables DNSSEC protection provided by upstream resolvers and allows to perform DNS cache poisoning.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsdproxy: 0.5
External linkshttp://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
http://www.openwall.com/lists/oss-security/2022/08/14/3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
