Published: 19/02/2009 Updated: 08/08/2017

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote malicious users to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query.

Vulnerable Product	Search on Vulmon	Subscribe to Product
d.j.bernstein djbdns 1.05

Debian Bug report logs - #516394 [security]: Rapid DNS Poisoning in dnscache Package: djbdns; Maintainer for djbdns is Dmitry Bogatov <KAction@debianorg>; Reported by: "Hideki Yamane \(Debian-JP\)" <henrich@debianorjp> Date: Sat, 21 Feb 2009 07:27:02 UTC Severity: critical Tags: patch, security Found in versions ...

Recursive DNS/DNSCurve server and comandline tool to debug DNS/DNSCurve

dq tool based on dnsq and dnsqr from djbdns added IPv6 support added DNSCurve support (Streamlined/TXT) dqcache recursive server based on dnscache from djbdns added support for streamlined DNSCurve added support for TXT DNSCurve added support for combined DNSCurve (streamlined and TXT) added support for DNS anchors with DNSCurve keys added full IPv6 support added support for

CWE-362 http://secunia.com/advisories/33855 http://www.your.org/dnscache/djbdns.pdf http://www.your.org/dnscache/http://www.securityfocus.com/bid/33818 https://exchange.xforce.ibmcloud.com/vulnerabilities/48807 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516394 https://nvd.nist.gov https://github.com/janmojzis/dq

CVE-2008-4392

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect