Posadis DNS Server Logging Format String Vulnerability

info
discussion
exploit
solution
references

Posadis DNS Server Logging Format String Vulnerability

Posadis is an open source implementation of a non caching DNS server. It is designed to be easy to use and configure. Posadis is available for Windows, Linux and many common Unix-like systems.

The logging function used by Posadis suffers from a format string vulnerability. Exploitation may result in a denial of service condition, or in the execution of arbitrary code. Remote exploitation has not been demonstrated, but may be possible.