oss-sec mailing list archives

CVE id request: tinydns crafted zone file cache poisoning vulnerability

From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 01 Mar 2009 20:54:09 +0100

tinydns from djbdns version 1.05 and earlier incorrectly implements
DNS label compression, allowing malicious zone editors to inject
poisonous records into the additional section.

<http://article.gmane.org/gmane.network.djbdns/13833>

Current thread:

CVE id request: tinydns crafted zone file cache poisoning vulnerability Florian Weimer (Mar 01)
- Re: CVE id request: tinydns crafted zone file cache poisoning vulnerability Steven M. Christey (Mar 16)