Lucene search

[email protected]CVE-2009-0858

HistoryMar 09, 2009 - 9:30 p.m.

CVE-2009-0858

2009-03-0921:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve

2009

0858

djbdns

response_addname

vulnerability

dns

remote attackers

nvd

6.7 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.029 Low

EPSS

Percentile

90.8%

JSON

The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.

Affected configurations

NVD

Node

d.j.bernsteindjbdnsRange≤1.05

CPENameOperatorVersion
d.j.bernstein:djbdnsd.j.bernstein djbdnsle1.05

CPE	Name	Operator	Version
d.j.bernstein:djbdns	d.j.bernstein djbdns	le	1.05

References

it.slashdot.org/article.pl?sid=09/03/05/2014249

marc.info/?l=djbdns&m=123554945710038

marc.info/?l=djbdns&m=123613000920446&w=2

secunia.com/advisories/35820

securityandthe.net/2009/03/05/security-issue-in-djbdns-confirmed/

www.debian.org/security/2009/dsa-1831

www.securityfocus.com/archive/1/501294/100/0/threaded

www.securityfocus.com/archive/1/501340/100/0/threaded

www.securityfocus.com/archive/1/501479/100/0/threaded

www.securityfocus.com/bid/33937

exchange.xforce.ibmcloud.com/vulnerabilities/49003

6.7 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.029 Low

EPSS

Percentile

90.8%

JSON

Related for CVE-2009-0858

nessus1 cvelist1 nvd1 debian1 prion1 openvas5 debiancve1 ubuntucve1