Computer Security
[EN] securityvulns.ru no-pyccku


ldns buffer overflow
updated since 07.05.2009
Published:27.11.2011
Source:
SecurityVulns ID:9899
Type:remote
Threat Level:
6/10
Description:Buffer overflow on records parsing.
Affected:LDNS : ldns 1.5
 LDNS : ldns 1.4
 LDNS : ldns 1.6
CVE:CVE-2011-3581 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.)
 CVE-2009-1086 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2353-1] ldns security update (27.11.2011)
 documentDEBIAN, [SECURITY] [DSA 1795-1] New ldns packages fix arbitrary code execution (07.05.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod