CVE-2009-0858
djbdns < 1.05 - Remote Arbitrary DNS Record Injection via Crafted Zone Data
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2009-0858. PoCs published by Matthew Dempsky.
AI-analyzed exploit summary This is a writeup describing the steps to exploit a cache-poisoning vulnerability in djbdns 1.05. It includes instructions for building the necessary tools and performing a zone transfer to manipulate cache data.
Description
The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.
Exploits (1)
This is a writeup describing the steps to exploit a cache-poisoning vulnerability in djbdns 1.05. It includes instructions for building the necessary tools and performing a zone transfer to manipulate cache data.