The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the .athena.mit.edu default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Hesiod | Hesiod_project | * | 3.2.1 (including) |
| Hesiod | Ubuntu | artful | * |
| Hesiod | Ubuntu | bionic | * |
| Hesiod | Ubuntu | cosmic | * |
| Hesiod | Ubuntu | esm-apps/bionic | * |
| Hesiod | Ubuntu | esm-apps/xenial | * |
| Hesiod | Ubuntu | precise | * |
| Hesiod | Ubuntu | trusty | * |
| Hesiod | Ubuntu | upstream | * |
| Hesiod | Ubuntu | xenial | * |
| Hesiod | Ubuntu | yakkety | * |
| Hesiod | Ubuntu | zesty | * |
References
- http://www.openwall.com/lists/oss-security/2017/01/21/1
- http://www.securityfocus.com/bid/90952
- https://bugzilla.redhat.com/show_bug.cgi?id=1332493
- https://github.com/achernya/hesiod/pull/10
- https://security.gentoo.org/glsa/201805-01
- http://www.openwall.com/lists/oss-security/2017/01/21/1
- http://www.securityfocus.com/bid/90952
- https://bugzilla.redhat.com/show_bug.cgi?id=1332493
- https://github.com/achernya/hesiod/pull/10
- https://security.gentoo.org/glsa/201805-01