| VID |
19016 |
| Severity |
30 |
| Port |
53 |
| Protocol |
UDP |
| Class |
DNS |
| Detailed Description |
The DNS server appears to be vulnerable to a Response Flooding Denial Of Service Vulnerability.
The Domain Name System (DNS) protocol is an Internet service that translates domain names into Internet Protocol (IP) addresses. Multiple DNS vendors are reported susceptible to a denial of service vulnerability. This vulnerability results in vulnerable DNS servers entering into an infinite query and response message loop, leading to the consumption of network and CPU resources, and denying DNS service to legitimate users. An attacker may exploit this flaw by finding two vulnerable servers and set up a 'ping-pong' attack between the two hosts.
In addition, by sending these implementations a query that appears to originate from the localhost on UDP port 53, the server will respond to itself and will keep responding to these responses, hence entering a loop which can exhaust system resources and hence result in a denial-of-service attack.
* References:
http://www.uniras.gov.uk/vuls/2004/758884/index.htm
* Platforms Affected:
Axis Communications, Axis 2100 Network Camera 2.42
Axis Communications, Axis 2110 Network Camera 2.42
Axis Communications, Axis 2120 Network Camera 2.42
Axis Communications, Axis 2401+ Network Video Server Release 3.13
Axis Communications, Axis 2420 Network Camera 2.42
Axis Communications, Axis 2460 Network DVR Release 3.13
Men & Mice, QuickDNS Server prior to 2.2.3
Men & Mice, QuickDNS Server prior to 3.5.2
Posadis, Poslib prior to 1.0.2-1
SourceForge.net, DNRD prior to 2.11
null, Axis 2400+ Network Video Server Release 3.13
MaraDNS 0.8.05 and earlier
Don Moore MyDNS 0.10.0 and earlier
DeleGate 8.9.5 and earlier
Any operating system Any version |
| Recommendation |
For Axis:
Apply the latest firmware version, available from the Axis Firmware Technical Support Web page at http://www.axis.com/techsup/firmware.php
For DeleGate:
Upgrade to the latest version (8.9.6 or later) of DeleGate, available from DeleGate Download FTP site at ftp://ftp.delegate.org/pub/DeleGate/
For Don Moore MyDNS:
Upgrade to the latest version (0.11.0 or later) of MyDNS, available from MyDNS Download Web site at http://mydns.bboy.net/download/
For MaraDNS:
Upgrade to the latest version (0.9.05 or later) of MaraDNS, available from MaraDNS Download Web site at http://www.maradns.org/download/
For DNRD:
Upgrade to the latest version of DNRD (2.11 or later), available from the SourceForge.net Web site at http://sourceforge.net/projects/dnrd/
For QuickDNS Server prior to 2.2.3:
Upgrade to the latest version of QuickDNS Server (2.2.3 or later), available from the Men and Mice FTP site at ftp://ftp.menandmice.com/pub/quickdns/old/
For QuickDNS Server prior to 3.5.2:
Upgrade to the latest version of QuickDNS Server (3.5.2 or later), available from the Men and Mice FTP site at ftp://ftp.menandmice.com/pub/quickdns/
For Poslib:
Upgrade to the latest version of Poslib (1.0.2-1 or later), available from the Posadis Download Web page at http://www.posadis.org/security/pos_adv_006.txt
For other distributions:
Contact your vendor for upgrade or patch information. |
| Related URL |
CVE-2004-0789 (CVE) |
| Related URL |
11642 (SecurityFocus) |
| Related URL |
17996,17997 (ISS) |
|
