[Intrepid] Security issue could allow dns-poisoning
Bug #399012 reported by
Andreas Moog
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
djbdns (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: djbdns
Matthew Dempsky discovered that Daniel J. Bernstein's djbdns, a Domain
Name System server, does not constrain offsets in the required manner,
which allows remote attackers with control over a third-party subdomain
served by tinydns and axfrdns, to trigger DNS responses containing
arbitrary records via crafted zone data for this subdomain.
This got fixed with Debian's 1.05-5, however in Intrepid we still have the vulnerable 1.05-2.
See http://
and http://
Related branches
CVE References
visibility: | private → public |
To post a comment you must log in.
djbdns (1:1.05-2ubuntu0.1) intrepid-security; urgency=low
* SECURITY UPDATE: Matthew Dempsky discovered that Daniel J. Bernstein's shinobi. dempsky. org/~matthew/ djbdns- bug/patch
djbdns, a Domain Name System server, does not constrain offsets in the
required manner, which allows remote attackers with control over a
third-party subdomain served by tinydns and axfrdns, to trigger DNS
responses containing arbitrary records via crafted zone data for this
subdomain. (LP: #399012)
- CVE-2009-0858
- http://
-- Andreas Moog <email address hidden> Mon, 13 Jul 2009 22:55:59 +0200