CVE-2009-0858

CVE-2009-0858 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:P

The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.

Learn more about our Web Application Penetration Testing UK.