* SECURITY UPDATE: Matthew Dempsky discovered that Daniel J. Bernstein's
djbdns, a Domain Name System server, does not constrain offsets in the
required manner, which allows remote attackers with control over a
third-party subdomain served by tinydns and axfrdns, to trigger DNS
responses containing arbitrary records via crafted zone data for this
subdomain. (LP: #399012)
- CVE-2009-0858
- http://shinobi.dempsky.org/~matthew/djbdns-bug/patch
This bug was fixed in the package djbdns - 1:1.05-2ubuntu0.1
---------------
djbdns (1:1.05-2ubuntu0.1) intrepid-security; urgency=low
* SECURITY UPDATE: Matthew Dempsky discovered that Daniel J. Bernstein's shinobi. dempsky. org/~matthew/ djbdns- bug/patch
djbdns, a Domain Name System server, does not constrain offsets in the
required manner, which allows remote attackers with control over a
third-party subdomain served by tinydns and axfrdns, to trigger DNS
responses containing arbitrary records via crafted zone data for this
subdomain. (LP: #399012)
- CVE-2009-0858
- http://
-- Andreas Moog <email address hidden> Mon, 13 Jul 2009 22:55:59 +0200