The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the .athena.mit.edu default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Hesiod | Hesiod_project | * | 3.2.1 |