Description
The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Matthew Dempsky · textremotelinux
https://www.exploit-db.com/exploits/32825
References (11)
Core 11
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35820
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501340/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49003
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501479/100/0/threaded
Patch x_refsource_misc
http://securityandthe.net/2009/03/05/security-issue-in-djbdns-confirmed/
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1831
Mailing List mailing-list
x_refsource_mlist
http://marc.info/?l=djbdns&m=123613000920446&w=2
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33937
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501294/100/0/threaded
Mailing List mailing-list
x_refsource_mlist
http://marc.info/?l=djbdns&m=123554945710038
Various Sources x_refsource_misc
http://it.slashdot.org/article.pl?sid=09/03/05/2014249
Scores
EPSS
0.1367
EPSS Percentile
94.3%
Details
CWE
CWE-20
Status
published
Products (1)
d.j.bernstein/djbdns
< 1.05
Published
Mar 09, 2009
Tracked Since
Feb 18, 2026