FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

adns -- multiple vulnerabilities

Affected packages
adns < 1.5.2

Details

VuXML ID 08de38d2-e2d0-11ea-9538-0c9d925bbbc0
Discovery 2017-05-21
Entry 2020-08-20

Ian Jackson and the adns project reports:

Vulnerable applications: all adns callers. Exploitable by: the local recursive resolver. Likely worst case: Remote code execution.

Vulnerable applications: those that make SOA queries. Exploitable by: upstream DNS data sources. Likely worst case: DoS (crash of the adns-using application)

Vulnerable applications: those that use adns_qf_quoteok_query. Exploitable by: sources of query domain names. Likely worst case: DoS (crash of the adns-using application)

Vulnerable applications: adnshost. Exploitable by: code responsible for framing the input. Likely worst case: DoS (adnshost crashes at EOF).

References

CVE Name CVE-2017-9103
CVE Name CVE-2017-9104
CVE Name CVE-2017-9105
CVE Name CVE-2017-9106
CVE Name CVE-2017-9107
CVE Name CVE-2017-9108
CVE Name CVE-2017-9109
URL https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html