The 2009 Pwnie Nominee For Best Server-Side Bug

djbdns Cache-Poisoning Vulnerability (CVE-2009-0858)

Credit: Matthew Dempsky

Dan J. Bernstein had a long standing security guarantee offering $1000 to the first person to publicly report a security vulnerability in djbdns. Finally after roughly 18 years of djbdns development, a qualifying security vulnerability was reported by Matthew Dempsky and he was awarded the $1000 prize.

 (CVE-2009-0858)