VYPR

Hesiod

by Hesiod

Source repositories

CVEs (2)

  • CVE-2016-10152CriMar 28, 2017
    risk 0.57cvss 9.8epss 0.07

    The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.

  • CVE-2016-10151HigMar 1, 2017
    risk 0.39cvss 7.0epss 0.00

    The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging…