CVE-2008-4392 - Race Condition vulnerability in D.J.Bernstein Djbdns 1.05
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions: This attack targets a race condition that occurs when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the accesses take place. The attacker can leverage a race condition by "running the race", modifying the resource and altering the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions: This attack targets a race condition that occurs between the time of check (state) of a resource and the time of use of that resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2012-20959.NASL |
description | This fixes two of the cache poisoning issues in the DNS resolver - dnscache. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2013-01-04 |
plugin id | 63376 |
published | 2013-01-04 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/63376 |
title | Fedora 16 : ndjbdns-1.05.5-1.fc16 (2012-20959) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2012-20967.NASL |
description | This fixes two of the cache poisoning issues in the DNS resolver - dnscache. |
last seen | 2020-03-17 |
modified | 2013-01-04 |
plugin id | 63378 |
published | 2013-01-04 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/63378 |
title | Fedora 17 : ndjbdns-1.05.5-1.fc17 (2012-20967) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2012-20923.NASL |
description | This fixes two of the cache poisoning issues in the DNS resolver - dnscache. |
last seen | 2020-03-17 |
modified | 2013-01-14 |
plugin id | 63499 |
published | 2013-01-14 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/63499 |
title | Fedora 18 : ndjbdns-1.05.5-1.fc18 (2012-20923) |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 33818 CVE(CAN) ID: CVE-2008-4392 djbdns is a lightweight DNS server designed by the author of Qmail. The dnscache service component of djbdns does not handle SOA records correctly; if a remote attacker continuously sends a large number of SOA requests and forged replies to the server, the probability of a successful DNS cache poisoning attack increases. D. J. Bernstein djbdns 1.05 Vendor patch: D. J. Bernstein: The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.your.org/dnscache/djbdns-1.05-with-patches.tar.gz |
id | SSV:4803 |
last seen | 2017-11-19 |
modified | 2009-02-20 |
published | 2009-02-20 |
reporter | Root |
title | djbdns dnscache SOA request remote cache poisoning vulnerability |
References
- http://secunia.com/advisories/33855
- http://www.securityfocus.com/bid/33818
- http://www.your.org/dnscache/
- http://www.your.org/dnscache/djbdns.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48807