Results for dos

Threat Research

A Chronology of GandCrab v4.x

During the past two months, FortiGuard Labs has been monitoring an onslaught of updates from GandCrab as a result of their agile development method. Some of these updates included major changes, while others were only minimal. In the midst of this, many researchers witnessed a series of tit-for-tat exchanges between the ransomware authors and the South Korea-based security company AhnLab over the vaccine tools that the latter released in mid-July.

By Joie Salvio | August 27, 2018

Threat Research

Analysis of ISC BIND TKEY Query Response Handling DoS (CVE-2016-9131)

Another TKEY record-related bug in BIND has been fixed with a patch from the Internet Systems Consortium (ISC) that was released just after the New Year. This bug may take down BIND recursive servers by sending a simple query response with a TKEY record, thereby causing a denial of service (DoS). This potential DoS vulnerability is caused by an assertion failure in Resolver.c when caching the DNS response with a TKEY record. In this post we will analyze the BIND source code and expose the root cause of this vulnerability. The TKEY record...

By Dehui Yin | January 18, 2017

Threat Research

Analysis of ISC BIND DNAME Answer Handling DoS (CVE-2016-8864)

A defect in BIND's handling of a DNAME answer was fixed in a critical update from the Internet Systems Consortium (ISC) several days ago. This defect affects all BIND recursive servers, and can be exploited to remotely take down recursive servers by sending a simple DNAME answer, thereby causing a denial of service (DoS). This potential DoS vulnerability is caused by an assertion failure in Resolver.c or Db.c when caching the DNS response with a DNAME record. In this post we will examine the underlying code and expose the root cause of this...

By Dehui Yin | November 08, 2016

Threat Research

Internet In Danger: Analysis of ISC Bind Patch (part 2)

In this second article of the series, we analyze two recent vulnerabilities in ISC BIND identified as CVE-2016-1286 and CVE-2016-2088. Based on the advisories, these bugs can be triggered using a malformed DNAME record (CVE-2016-1286) or an OPT COOKIE record (CVE-2016-2088). These two bugs share the same attack scenario, which can only be triggered when a BIND server makes a request and then receives a malformed response. Based on this requirement, recursive servers are at highest risk from this attack, because it’s not straightforward to ask an authoritative-only...

By Amir Zali | April 01, 2016

Threat Research

Internet In Danger: Analysis of ISC Bind Patch (part 1)

The Internet Systems Consortium released a new patch (version 9.10.3-P4) a couple of days ago to fix some issues in the most popular DNS server software in the world. The release note is available at https://kb.isc.org/article/AA-01363/81/BIND-9.10.3-P4-Release-Notes.html. In this series of two articles, we will detail our investigation of these vulnerabilities and how we were able to protect our customers by widely deploying our detection. ISC released a patch for the BIND rndc control channel DoS vulnerability (CVE-2016-1285)...

By Dehui Yin | March 29, 2016

Industry Trends

Oracle VirtualBox Remote Display Server DoS Vulnerability Disclosed by FortiGuard Labs

Overview: Oracle VirtualBox is a powerful, freely available Type 2 hypervisor that runs on Windows, Mac, Linux, and Solaris operating systems. It is used in both enterprise and prosumer settings. Although it doesn’t enjoy the enterprise market share of VMware and Microsoft Hyper-V, its free availability and flexibility make it a popular choice for test and development environments. Researchers at FortiGuard Labs have discovered a remote denial of service (DoS) vulnerability (CVE-2015-4896) in the VirtualBox Remote Display...

By Peixue Li | October 30, 2015