CVE-2008-4194

pdnsd < 1.2.7-par - Denial of Service via Long DNS Reply

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-4194. PoCs published by Marc Bevand, Julien Desfossez, I)ruid.

AI-analyzed exploit summary: This is a functional proof-of-concept exploit for CVE-2008-1447, implementing the Kaminsky DNS cache poisoning attack. It crafts malicious DNS responses to poison a resolver's cache by exploiting predictable transaction IDs and port numbers.

Description

The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."

Exploits (3)

exploitdb WORKING POC VERIFIED
by Marc Bevand · c · remote · multiple
https://www.exploit-db.com/exploits/6130

This is a functional proof-of-concept exploit for CVE-2008-1447, implementing the Kaminsky DNS cache poisoning attack. It crafts malicious DNS responses to poison a resolver's cache by exploiting predictable transaction IDs and port numbers.

Classification: Working PoC 95%
Attack Type: Other
Complexity: Moderate
Reliability: Racy
Target: DNS resolvers (e.g., BIND, Microsoft DNS)
No auth needed
Prerequisites: Network access to target DNS resolver · Ability to spoof DNS responses
devstral-2 · analyzed Feb 18, 2026

exploitdb WORKING POC VERIFIED
by Julien Desfossez · python · remote · multiple
https://www.exploit-db.com/exploits/6123

This exploit leverages the DNS cache poisoning vulnerability (CVE-2008-1447) by brute-forcing transaction IDs to inject a malicious DNS record into a vulnerable DNS server. It uses Scapy to craft and send spoofed DNS responses.

Classification: Working PoC 95%
Attack Type: Other
Complexity: Moderate
Reliability: Racy
Target: DNS servers vulnerable to cache poisoning (e.g., BIND, Microsoft DNS)
No auth needed
Prerequisites: Knowledge of the vulnerable DNS server's source port · Ability to send spoofed DNS responses to the target
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by I)ruid · ruby · remote · multiple
https://www.exploit-db.com/exploits/6122

This exploit targets the Kaminsky DNS Cache Poisoning flaw (CVE-2008-1447) by injecting malicious DNS records into a vulnerable DNS resolver. It replaces legitimate nameservers for a target domain with attacker-controlled ones via spoofed DNS responses.

Classification: Working PoC 100%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: BIND 9.4.1-9.4.2
No auth needed
Prerequisites: Vulnerable DNS resolver with predictable query IDs · Network access to target DNS server
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Various Sources x_refsource_confirm
http://www.phys.uu.nl/~rombouts/pdnsd.html
Various Sources x_refsource_confirm
http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45594
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2582

Scores

EPSS 0.0693
EPSS Percentile 93.3%

Details

CWE: CWE-399
Status: published
Products (16)
pdnsd/pdnsd 1.1.7
pdnsd/pdnsd 1.1.7a
pdnsd/pdnsd 1.1.8b1-par4
pdnsd/pdnsd 1.1.8b1-par5
pdnsd/pdnsd 1.1.8b1-par6
pdnsd/pdnsd 1.1.8b1-par7
pdnsd/pdnsd 1.1.8b1-par8
pdnsd/pdnsd 1.1.9-par
pdnsd/pdnsd 1.1.10-par
pdnsd/pdnsd 1.1.11-par
... and 6 more
Published Sep 24, 2008
Tracked Since Feb 18, 2026