惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
SecWiki News
SecWiki News
V
Visual Studio Blog
博客园 - 三生石上(FineUI控件)
WordPress大学
WordPress大学
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
博客园 - 【当耐特】
Martin Fowler
Martin Fowler
宝玉的分享
宝玉的分享
F
Fortinet All Blogs
U
Unit 42
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
aimingoo的专栏
aimingoo的专栏
V
V2EX
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 聂微东
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
O
OpenAI News
T
Troy Hunt's Blog
TaoSecurity Blog
TaoSecurity Blog
小众软件
小众软件
MongoDB | Blog
MongoDB | Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
L
LINUX DO - 最新话题
N
News | PayPal Newsroom
PCI Perspectives
PCI Perspectives
Engineering at Meta
Engineering at Meta
美团技术团队
J
Java Code Geeks
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
人人都是产品经理
人人都是产品经理
雷峰网
雷峰网
V
Vulnerabilities – Threatpost
B
Blog RSS Feed
NISL@THU
NISL@THU
Security Latest
Security Latest
The Register - Security
The Register - Security
酷 壳 – CoolShell
酷 壳 – CoolShell
The GitHub Blog
The GitHub Blog
S
SegmentFault 最新的问题
N
News and Events Feed by Topic
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Schneier on Security
罗磊的独立博客
Know Your Adversary
Know Your Adversary
Hacker News: Ask HN
Hacker News: Ask HN
S
Security Affairs
月光博客
月光博客
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

Security Review on CoreDNS: DNS and Service Discovery

暂无文章

Trail Of Bits Security Review
coredns · 2022-02-24 · via Security Review on CoreDNS: DNS and Service Discovery

Trail of Bits (https://trailofbits.com) conducted a security review and threat model of CoreDNS.

Quoting from the security review summary:

“The audit uncovered one high-severity issue (TOB-CDNS-8) concerning a bug that could lead to cache poisoning attacks. The majority of the other issues are of informational or low severity; these include several resulting from insufficient data validation, specifically from assumptions about the data processed by various functions, which we discovered by running fuzzing harnesses. Most of the findings pertain to denial-of-service vulnerabilities.”

The report can be found in Trail of Bits’ publications on GitHub: https://github.com/trailofbits/publications/blob/master/reviews/CoreDNS.pdf

At this time, the following PRs have been opened to address issues raised in the report: