On Thu, 9 Mar 2023, Ondrej Filip wrote:
On 09. 03. 23 5:14, William wrote:
On 09/03/2023 13:41, Robert Scheck wrote:
Hello,
Hi!
with https://bugzilla.redhat.com/show_bug.cgi?id=2176483, Red Hat pointed
me today to CVE-2021-26928.
https://nvd.nist.gov/vuln/detail/CVE-2021-26928
contains a reference to BIRD 2.0.7, but no link related to BIRD upstream.
Do you see any chance for some comments on it (at least here)? Not sure if
MITRE adds it then as references at CVE-2021-26928.
I have a PDF of the Bird help documentation that I saved in 2019 (Fossies)
that lists password authentication mechanisms as per RFC2385 with extra
options for BSD systems. I'll defer to the Dev team on this for the final
word, but someone has some crossed wires here.
Yes, this functionality was added in 1.0.12 (12 Nov 2008). So I do not
understand this CVE.
Explanation is probably here:
https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-2
at the end in the Disclosure Timeline.
Ondrej
Adam Pribyl
