oss-sec mailing list archives

Re: CVE request: pdnsd <1.2.7 Denial of Service

From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 23 Sep 2008 22:41:43 -0400 (EDT)


======================================================
Name: CVE-2008-4194
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4194
Reference: CONFIRM:http://www.phys.uu.nl/~rombouts/pdnsd.html
Reference: CONFIRM:http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
Reference: FRSIRT:ADV-2008-2582
Reference: URL:http://www.frsirt.com/english/advisories/2008/2582

The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par
allows remote attackers to cause a denial of service (daemon crash)
via a long DNS reply with many entries in the answer section, related
to a "dangling pointer bug."

Current thread:

CVE request: pdnsd <1.2.7 Denial of Service Robert Buchholz (Sep 19)
- Re: CVE request: pdnsd <1.2.7 Denial of Service Steven M. Christey (Sep 23)