Vulnerability-Lookup

CNVD-2021-09048

Vulnerability from cnvd - Published: 2021-02-04

Title

Sourceforge Home DNS Server权限提升漏洞

Description

Home DNS Server是Sourceforge组织的一个支持DNS服务的开源软件。 Home DNS Server 0.10版本存在权限提升漏洞，该漏洞源于默认安装目录中无足够的访问限制，攻击者可利用该漏洞可以通过替换HomeDNSServer.exe二进制文件来提升特权。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新：https://github.com/an0ry/advisories/blob/main/CVE-2020-26132.md

Reference

https://sourceforge.net/projects/dnsserver/

Impacted products

Name
SourceForge Sourceforge Home DNS Server 0.10

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-26132",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-26132"
    }
  },
  "description": "Home DNS Server\u662fSourceforge\u7ec4\u7ec7\u7684\u4e00\u4e2a\u652f\u6301DNS\u670d\u52a1\u7684\u5f00\u6e90\u8f6f\u4ef6\u3002\n\nHome DNS Server 0.10\u7248\u672c\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9ed8\u8ba4\u5b89\u88c5\u76ee\u5f55\u4e2d\u65e0\u8db3\u591f\u7684\u8bbf\u95ee\u9650\u5236\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u901a\u8fc7\u66ff\u6362HomeDNSServer.exe\u4e8c\u8fdb\u5236\u6587\u4ef6\u6765\u63d0\u5347\u7279\u6743\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1ahttps://github.com/an0ry/advisories/blob/main/CVE-2020-26132.md",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-09048",
  "openTime": "2021-02-04",
  "products": {
    "product": "SourceForge Sourceforge Home DNS Server 0.10"
  },
  "referenceLink": "https://sourceforge.net/projects/dnsserver/",
  "serverity": "\u9ad8",
  "submitTime": "2020-10-29",
  "title": "Sourceforge Home DNS Server\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2020-26132 (GCVE-0-2020-26132)

Vulnerability from cvelistv5 – Published: 2020-10-28 00:00 – Updated: 2024-08-04 15:49

Summary

An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the HomeDNSServer.exe binary.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

3 references

URL	Tags
https://sourceforge.net/projects/dnsserver/
https://github.com/an0ry/advisories
https://github.com/OffensiveOceloot/advisories/bl…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:49:07.144Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sourceforge.net/projects/dnsserver/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/an0ry/advisories"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-26132.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the HomeDNSServer.exe binary."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-27T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://sourceforge.net/projects/dnsserver/"
        },
        {
          "url": "https://github.com/an0ry/advisories"
        },
        {
          "url": "https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-26132.md"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-26132",
    "datePublished": "2020-10-28T00:00:00.000Z",
    "dateReserved": "2020-09-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T15:49:07.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-09048

CVE-2020-26132 (GCVE-0-2020-26132)

Tags

Sightings

Nomenclature