oss-sec mailing list archives
Re: CVE request: pdnsd <1.2.7 Denial of Service
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 23 Sep 2008 22:41:43 -0400 (EDT)
====================================================== Name: CVE-2008-4194 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4194 Reference: CONFIRM:http://www.phys.uu.nl/~rombouts/pdnsd.html Reference: CONFIRM:http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog Reference: FRSIRT:ADV-2008-2582 Reference: URL:http://www.frsirt.com/english/advisories/2008/2582 The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."
Current thread:
- CVE request: pdnsd <1.2.7 Denial of Service Robert Buchholz (Sep 19)
- Re: CVE request: pdnsd <1.2.7 Denial of Service Steven M. Christey (Sep 23)