CVE-2008-4194

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."

References

http://www.phys.uu.nl/~rombouts/pdnsd.html

http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog

http://www.vupen.com/english/advisories/2008/2582

https://exchange.xforce.ibmcloud.com/vulnerabilities/45594

Details

Source: MITRE

Published: 2008-09-24

Updated: 2017-08-08

Type: CWE-399

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (11 total)

IDNameProductFamilySeverity
40382VMSA-2008-0014 : Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX, VMware VCB address information disclosure, privilege escalation and other security issues.NessusVMware ESX Local Security Checks
medium
36526Mandriva Linux Security Advisory : bind (MDVSA-2008:139)NessusMandriva Local Security Checks
medium
35347GLSA-200901-03 : pdnsd: Denial of Service and cache poisoningNessusGentoo Local Security Checks
medium
33772Debian DSA-1623-1 : dnsmasq - DNS cache poisoningNessusDebian Local Security Checks
medium
33739Debian DSA-1619-1 : python-dns - DNS response spoofingNessusDebian Local Security Checks
medium
33464Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : bind9 vulnerability (USN-622-1)NessusUbuntu Local Security Checks
medium
33450Debian DSA-1603-1 : bind9 - DNS cache poisoningNessusDebian Local Security Checks
medium
27094Solaris 9 (x86) : 114265-23NessusSolaris Local Security Checks
medium
26165Solaris 9 (sparc) : 112837-24NessusSolaris Local Security Checks
medium
13429Solaris 8 (x86) : 109327-24NessusSolaris Local Security Checks
critical
13321Solaris 8 (sparc) : 109326-24NessusSolaris Local Security Checks
critical