CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.

Product Status

Learn more

Information not provided

References 5 Total

securityfocus.com: 90952
external site
vdb-entry
https://bugzilla.redhat.com/show_bug.cgi?id=1332493
external site
openwall.com: [oss-security] 20170120 Re: CVE Request: two flaws in hesiod permitting privilege elevation
external site
mailing-list
https://github.com/achernya/hesiod/pull/10
external site
security.gentoo.org: GLSA-201805-01
external site
vendor-advisory

Updated: 2024-08-06

This container includes required additional information provided by the CVE Program for this vulnerability.

References 5 Total

securityfocus.com: 90952
external site
vdb-entryx_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1332493
external site
x_transferred
openwall.com: [oss-security] 20170120 Re: CVE Request: two flaws in hesiod permitting privilege elevation
external site
mailing-listx_transferred
https://github.com/achernya/hesiod/pull/10
external site
x_transferred
security.gentoo.org: GLSA-201805-01
external site
vendor-advisoryx_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 5 Total

CVE Program

References 5 Total