The readconfigfile function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "3.2.1-3.1~build0.16.04.1", "binary_name": "hesiod" }, { "binary_version": "3.2.1-3.1~build0.16.04.1", "binary_name": "libhesiod-dev" }, { "binary_version": "3.2.1-3.1~build0.16.04.1", "binary_name": "libhesiod0" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "3.2.1-3.1~build0.18.04.1", "binary_name": "hesiod" }, { "binary_version": "3.2.1-3.1~build0.18.04.1", "binary_name": "libhesiod-dev" }, { "binary_version": "3.2.1-3.1~build0.18.04.1", "binary_name": "libhesiod0" } ] }