Misc. : SheerDNS directory traversal

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.11535

Category: Misc.

Title: SheerDNS directory traversal

Summary: NOSUMMARY

Description: Description:

The remote server seems to be running SheerDNS 1.0.0 or older.

This version is vulnerable to several flaws allowing :
- A remote attacker to read certain files with predefined names
(A, PTR, CNAME, ...)

- A local attacker to read the first line of arbitrary files with the
privileges of the DNS server (typically root)

- A local attacker to execute arbitrary code through a buffer overflow

Solution : Upgrade to SheerDNS 1.0.1 or disable this service
Risk factor : Low (remotely) / High (locally)

Cross-Ref: BugTraq ID: 7335
BugTraq ID: 7336

Copyright This script is Copyright (C) 2003 Renaud Deraison

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.11535
Category:	Misc.
Title:	SheerDNS directory traversal
Summary:	NOSUMMARY
Description:	Description: The remote server seems to be running SheerDNS 1.0.0 or older. This version is vulnerable to several flaws allowing : - A remote attacker to read certain files with predefined names (A, PTR, CNAME, ...) - A local attacker to read the first line of arbitrary files with the privileges of the DNS server (typically root) - A local attacker to execute arbitrary code through a buffer overflow Solution : Upgrade to SheerDNS 1.0.1 or disable this service Risk factor : Low (remotely) / High (locally)
Cross-Ref:	BugTraq ID: 7335 BugTraq ID: 7336
Copyright	This script is Copyright (C) 2003 Renaud Deraison