CVE-2009-0858

EPSS 13.7%

djbdns - privilege escalation

發布日:2009/3/9修改日:2026/4/28

描述

The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.

受影響套件(2)

Debian/djbdnsfrom 0, < 1:1.05-5
Debian/djbdnsfrom 0, < 1:1.05-4+lenny1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-0858