PT-2009-3450 · Dj Bernstein · Djbdns

Matthew Dempsky · Published 2009-03-09 · Updated 2018-10-10 · CVE-2009-0858

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions: djbdns versions 1.05 and earlier

Description: The issue concerns the response_addname function in response.c, which does not properly constrain offsets. This allows remote attackers who control a third-party subdomain served by tinydns and axfrdns to trigger DNS responses containing arbitrary records via crafted zone data for that subdomain.

Recommendations: For djbdns versions 1.05 and earlier, there is currently no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE


Weakness Enumeration

Related Identifiers

CVE-2009-0858
DSA-1831-1

Affected Products

Djbdns