CVE-2009-0858

The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.
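| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.8 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:N/I:P/A:P |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |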
EPSS Score percentile: 93%
| Vendor | Product | Version |
|---|---|---|
| d.j.bernstein | djbdns | 𝑥 ≤ 1.05 |

𝑥 = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| djbdns | bullseye | 1:1.05-13+deb11u1 | fixed |
| djbdns | bookworm | 1:1.05-15 | fixed |
| djbdns | sid | 1:1.05-16 | fixed |
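
Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| djbdns | karmic | not-affected |
| djbdns | jaunty | not-affected |
| djbdns | intrepid | ignored |
| djbdns | hardy | dne |
| djbdns | gutsy | dne |
| djbdns | dapper | dne |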