The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the “.athena.mit.edu” default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.
CPE | Name | Operator | Version |
---|---|---|---|
hesiod | eq | hesiod-3.1.0 | |
hesiod | eq | hesiod-3.0.0 | |
hesiod | eq | hesiod-3.2.0 | |
hesiod | eq | hesiod-3.1.1 | |
hesiod | eq | hesiod-2.0.0 | |
hesiod | eq | hesiod-3.2.1 | |
hesiod | eq | hesiod-3.0.2 | |
hesiod | eq | hesiod-3.0.1 |