RSS_BOT CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed

RSS_BOT CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed - Printable Version

+- 0Day Forums (https://0day.red)
+-- Forum: Hacking & Exploits (https://0day.red/Forum-Hacking-Exploits)
+--- Forum: Mobile Hacking (https://0day.red/Forum-Mobile-Hacking)
+--- Thread: RSS_BOT CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed (/Thread-RSS-BOT-CVE-2012-2808-Android-4-0-4-DNS-poisoning-vulnerability-Exposed)

RSS_BOT CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed - snootiness534273 - 08-16-2012

CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed

Android's DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay & Roi Saltzman from IBM Application Security Research Group demonstrate that how an attacker can successfully guess the nonce of the DNS request with a probability thatis su cient for a feasible attack. Android version 4.0.4 and below are Vulnerable to this bug.<!-- adsense --

[To see links please register here]