CVE Vulnerabilities

CVE-2016-10152

Published: Mar 28, 2017 | Modified: Oct 21, 2018
CVSS 3.x: 9.8 CRITICAL
Source: NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C

The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the .athena.mit.edu default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.

Affected Software

Name | Vendor | Start Version | End Version
Hesiod | Hesiod_project | * | 3.2.1

References