Published: 09/03/2009 Updated: 10/10/2018

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 585

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and previous versions does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.

Vulnerable Product	Search on Vulmon	Subscribe to Product
d.j.bernstein djbdns

source: wwwsecurityfocuscom/bid/33937/info The 'djbdns' package is prone to a remote cache-poisoning vulnerability An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks This issue affects djbdns 105; other versions may also be vulnera ...

CWE-20 http://securityandthe.net/2009/03/05/security-issue-in-djbdns-confirmed/http://it.slashdot.org/article.pl?sid=09/03/05/2014249 http://marc.info/?l=djbdns&m=123613000920446&w=2 http://marc.info/?l=djbdns&m=123554945710038 http://www.securityfocus.com/bid/33937 http://www.debian.org/security/2009/dsa-1831 http://secunia.com/advisories/35820 https://exchange.xforce.ibmcloud.com/vulnerabilities/49003 http://www.securityfocus.com/archive/1/501479/100/0/threaded http://www.securityfocus.com/archive/1/501340/100/0/threaded http://www.securityfocus.com/archive/1/501294/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/32825/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-0858

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect