Ns.se

Download

ns.se@lists.iis.se

August 2025

3 participants
2 discussions

Obscure DNS vulnerability
by Anne-Marie Aug. 29, 2025

Aug. 29, 2025

Hi, Got this from a friend of mine, I can’t verify. Any comments? So this is an interesting one: Updated info yesterday from Microsoft regarding a DNS protocol (?) vulnerability in dns resolvers - with no CVE reference. First released on Dec 8,2020, last updated Aug 28 2025. No CVE. No PoC or known exploitation. A dns cache poisoning caused by IP fragmentation (!), and the suggested (temporary?) workaround is to reduce the Maximum UDP packet size to 1221 bytes, so that larger requests will switch to TCP. I've seen some weird issues & workarounds throughout my years. This is absolutely one of those cases! https://msrc.microsoft.com/update-guide/vulnerability/ADV200013 /amel ________________________ Anne-Marie Eklund Löwinder Amelsec AB Hägervägen 27, 122 39 Enskede +46 734315310 @amelsec.bsky.social

2 2

DNS-dagen. Anmälan är nu öppen – säkra din plats redan idag!
by Kristian Ørmen Aug. 3, 2025

Aug. 3, 2025

DNS-dagen Välkommen till en heldag som enbart handlar om DNS Du anmäler dig till DNS-dagen via följande länk: https://registryt.wufoo.com/forms/dns-dagen/ Bekräftade talare: Jakob Schlyter Mikael Kullberg Torbjörn Eklöv Jonathan Magnusson Ulrich Wisser Pamela Davidsson Mats Dufberg Johan Stenstam Kristian Ørmen 10 september 2025 kl. 10:00 - 19:30 på Internetstiftelsen Internetstiftelsen Hammarby Kaj 10D 120 07 Stockholm Agenda: 10:00 – 12:00 Talks 12:00 – 13:00 Lunch 13:00 – 15:00 Talks 15:30 – 15:30 Fika 16:00 – 17:30 Talks 17:30 – 19:30 AW Dela gärna inbjudan, även med personer som inte finns med på ns.se-listan. Välkommen! Med vänliga hälsningar, Kristian Ørmen Internetstiftelsen

1 0