[Intrepid] Security issue could allow dns-poisoning
Bug #399012 reported by
Andreas Moog
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| djbdns (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
Binary package hint: djbdns
Matthew Dempsky discovered that Daniel J. Bernstein's djbdns, a Domain
Name System server, does not constrain offsets in the required manner,
which allows remote attackers with control over a third-party subdomain
served by tinydns and axfrdns, to trigger DNS responses containing
arbitrary records via crafted zone data for this subdomain.
This got fixed with Debian's 1.05-5, however in Intrepid we still have the vulnerable 1.05-2.
See http://
and http://
Related branches
CVE References
Revision history for this message
| Andreas Moog (ampelbein) wrote | #1 |
| Changed in djbdns (Ubuntu): | |
| importance: | Undecided → Medium |
| status: | New → In Progress |
| visibility: | private → public |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in djbdns (Ubuntu): | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
djbdns (1:1.05-2ubuntu0.1) intrepid-security; urgency=low
* SECURITY UPDATE: Matthew Dempsky discovered that Daniel J. Bernstein's
djbdns, a Domain Name System server, does not constrain offsets in the
required manner, which allows remote attackers with control over a
third-party subdomain served by tinydns and axfrdns, to trigger DNS
responses containing arbitrary records via crafted zone data for this
subdomain. (LP: #399012)
- CVE-2009-0858
- http://
-- Andreas Moog <email address hidden> Mon, 13 Jul 2009 22:55:59 +0200