CVE-2012-5582

9.8 CRITICAL

📋 TL;DR

CVE-2012-5582 is a critical vulnerability in OpenDNSSEC where improper use of the libcurl API allows remote code execution. Attackers can exploit it by sending malicious DNS responses that trigger arbitrary code execution on vulnerable systems. It affects OpenDNSSEC installations that process external DNS queries.

💻 Affected Systems

Products:
  • OpenDNSSEC
Versions: prior to 1.3.5
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: All OpenDNSSEC installations using vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote unauthenticated attacker gains full control of the OpenDNSSEC server, potentially compromising DNS infrastructure and enabling further network attacks.

🟠 Likely Case

Remote code execution leading to DNS manipulation, data exfiltration, or installation of backdoors on vulnerable servers.

🟢 If Mitigated

With proper network segmentation and access controls, impact limited to DNS service disruption rather than full system compromise.

🌐 Internet-Facing: HIGH - OpenDNSSEC servers typically process external DNS queries, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal-only servers still vulnerable to internal threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malicious DNS responses to trigger the libcurl misuse.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenDNSSEC 1.3.5 and later

Vendor Advisory: https://www.opendnssec.org/security-advisory-20121128-opendnssec-misuses-libcurl-api/

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Stop the OpenDNSSEC service.
3. Update to OpenDNSSEC 1.3.5 or later using the package manager.
4. Restart the OpenDNSSEC service.
5. Verify the service is running correctly.

🔧 Temporary Workarounds

Network Segmentation

Restrict network access to OpenDNSSEC servers to only trusted DNS sources.

iptables -A INPUT -p udp --dport 53 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -s trusted_ip -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j DROP
iptables -A INPUT -p tcp --dport 53 -j DROP

🧯 If You Can't Patch

  • Implement strict network ACLs to limit DNS traffic to trusted sources only
  • Monitor OpenDNSSEC logs for unusual activity and implement intrusion detection

🔍 How to Verify

Check if Vulnerable:

Check OpenDNSSEC version: opendnssec --version | grep 'OpenDNSSEC'

Verify Fix Applied:

Verify version is 1.3.5 or higher: opendnssec --version
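The version check above can be scripted so that it gates an automated fleet audit. The following POSIX shell script is an added example, not code from the advisory or the OpenDNSSEC project; the banner wording it parses is an assumption, and it only needs the first dotted version number in whatever the version command prints.

```shell
# Added example (not from the advisory or OpenDNSSEC): flag an installed
# OpenDNSSEC version that is below the fixed release 1.3.5.
FIXED_VERSION="1.3.5"
# Compare dotted versions field by field as integers; prints -1, 0 or 1.
# Missing trailing fields count as 0, so 1.3 < 1.3.5 and 1.10 > 1.9.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print -1; exit }
            if (xi > yi) { print 1; exit }
        }
        print 0
    }'
}

# True (exit 0) when the version is below the fixed release.
is_vulnerable() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# First whitespace-separated token that looks like a dotted version,
# tolerating a leading "v" and trailing punctuation or suffixes.
extract_version() {
    set -f                  # no globbing while word-splitting the banner
    for tok in $1; do
        tok=${tok#v}; tok=${tok%%[!0-9.]*}
        case "$tok" in
            [0-9]*.[0-9]*) set +f; printf '%s\n' "$tok"; return 0 ;;
        esac
    done
    set +f; return 1
}

# Exit 0 when fixed, 1 when vulnerable, 2 when no version could be parsed.
check_banner() {
    v=$(extract_version "$1") || { echo "UNKNOWN: no version in banner"; return 2; }
    if is_vulnerable "$v"; then
        echo "VULNERABLE: OpenDNSSEC $v is below $FIXED_VERSION (CVE-2012-5582)"
        return 1
    fi
    echo "FIXED: OpenDNSSEC $v is $FIXED_VERSION or later"
}
# Constructed sample banner (assumed wording) so this runs offline; on a real
# host pass the output of the version command from the section above.
check_banner "OpenDNSSEC signer engine version 1.3.4" || echo "exit status: $?"
```

The non-zero exit statuses let the check feed a configuration-management or inventory job that reports hosts still below 1.3.5.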

📡 Detection & Monitoring

Log Indicators:

  • Unusual DNS response patterns
  • OpenDNSSEC process crashes
  • Unexpected system commands executed

Network Indicators:

  • Malformed DNS responses to OpenDNSSEC servers
  • Unusual outbound connections from OpenDNSSEC servers

SIEM Query:

source="opendnssec.log" AND ("crash" OR "segmentation fault" OR "libcurl")
