RSS   Podatności dla 'Djbdns'   RSS

2012-02-17
 
CVE-2012-1191

CWE-DesignError
 

 
The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

 
2009-03-09
 
CVE-2009-0858

CWE-20
 

 
The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.

 
2009-02-19
 
CVE-2008-4392

CWE-362
 

 
dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query.

 


Copyright 2024, cxsecurity.com

 

Back to Top