Описание
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | released | 3.2.1-3.1~build0.18.04.1 |
| cosmic | released | 3.2.1-3.1~build0.18.10.1 |
| devel | not-affected | 3.2.1-3.1 |
| disco | not-affected | 3.2.1-3.1 |
| esm-apps/bionic | released | 3.2.1-3.1~build0.18.04.1 |
| esm-apps/xenial | released | 3.2.1-3.1~build0.16.04.1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
Показывать по
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls ba ...
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.
Уязвимость функции read_config_file (lib/hesiod.c) демона для обеспечения доступа к базам данных DNS Hesiod, позволяющая нарушителю получить привилегии root
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3