The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-03-09T21:00:00
Updated: 2018-10-10T18:57:01
Reserved: 2009-03-09T00:00:00
Link: CVE-2009-0858
JSON object: View
NVD Information
Status : Modified
Published: 2009-03-09T21:30:00.327
Modified: 2018-10-10T19:32:14.317
Link: CVE-2009-0858
JSON object: View
Redhat Information
No data.
CWE