Note:
This project will be discontinued after December 13, 2021. [more]
2009-02-19
dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query.
Products | Djbdns |
Type | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362) |
First patch | - None (likely due to unavailable code) |
Links |
• http://www.securityfocus.com/bid/33818
• http://secunia.com/advisories/33855 • http://www.your.org/dnscache/djbdns.pdf • http://www.your.org/dnscache/ • https://exchange.xforce.ibmcloud.com/vulnerabilities/48807 |