PT-2009-3450 · Dj Bernstein · Djbdns

Matthew Dempsky · Published 2009-03-09 · Updated 2018-10-10 · CVE-2009-0858

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

djbdns versions 1.05 and earlier

Description

The issue concerns the response_addname function in response.c, which does not properly constrain offsets. This allows remote attackers who control a third-party subdomain served by tinydns and axfrdns to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.

Recommendations

For djbdns versions 1.05 and earlier, there is currently no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2009-0858
DSA-1831-1

Affected Products

Djbdns