CVE-2009-0858

EPSS 13.7%

djbdns - privilege escalation

Published: 3/9/2009Modified: 4/28/2026

Description

The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.

Affected packages (2)

Debian/djbdnsfrom 0, < 1:1.05-5
Debian/djbdnsfrom 0, < 1:1.05-4+lenny1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-0858