Vulnerabilities > Hesiod Project

DATE	CVE	VULNERABILITY TITLE	RISK
2017-03-28	CVE-2016-10152	Permissions, Privileges, and Access Controls vulnerability in Hesiod Project Hesiod The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache. network low complexity hesiod-project CWE-264 critical	10.0
2017-03-01	CVE-2016-10151	Permissions, Privileges, and Access Controls vulnerability in Hesiod Project Hesiod 3.2.1 The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary. local hesiod-project CWE-264	6.9

Vulnerabilities > Hesiod Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Hesiod Project"}]}