pdnsd Bug in Processing ADNS Queries Lets Remote Users Deny Service

SecurityTracker Alert ID: 1015989
SecurityTracker URL: http://securitytracker.com/id?1015989
CVE Reference: GENERIC-MAP-NOMATCH
Date: Apr 26 2006
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 1.2.4

Description: A vulnerability was reported in pdnsd. A remote user can cause denial of service conditions.

A remote user can send an ADNS query with an unsupported QTYPE or QCLASS to cause the target pdnsd daemon to leak memory and eventually crash or suffer degraded performance.

The vulnerability was discovered using the PROTOS DNS Test Tool created by the Oulu University Secure Programming Group (OUSPG) from the University of Oulu in Finland. The tests generate invalid and/or abnormal packets.

The vulnerability was disclosed by the UK NISCC. The NISCC advisory is available at:
http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en
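
The class of defect described above (memory kept after a query is rejected for its QTYPE or QCLASS) is avoided by releasing per-query state on every rejection path. The following is an added illustration, not pdnsd's code or its 1.2.4 fix; the supported type and class sets, the names parse_question, fail and live_allocs, and the sample packets are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum { Q_OK = 0, Q_FORMERR = 1, Q_SERVFAIL = 2, Q_NOTIMP = 4 }; /* DNS RCODEs */
static long live_allocs = 0;   /* outstanding name buffers, so a test can spot a leak */

/* Assumed supported sets for illustration only; not pdnsd's actual list. */
static int qtype_ok(uint16_t t) {
    return t == 1 || t == 2 || t == 5 || t == 6 || t == 12 || t == 15 || t == 16 || t == 28;
}
static int qclass_ok(uint16_t c) { return c == 1; /* IN */ }

static int fail(char *name, int rcode) {   /* single release point for error exits */
    free(name);
    live_allocs--;
    return rcode;
}

/* Parse the first question of a query. On Q_OK, *name_out owns a heap copy of
 * the dotted name (caller frees); on every other return nothing stays allocated. */
int parse_question(const uint8_t *pkt, size_t len, char **name_out) {
    size_t off = 12, n = 0;                /* question follows the 12-byte header */
    uint16_t qtype, qclass;
    char *name;
    *name_out = NULL;
    if (len < 12 || ((pkt[4] << 8) | pkt[5]) < 1) return Q_FORMERR;
    if ((name = malloc(256)) == NULL) return Q_SERVFAIL;
    live_allocs++;
    for (;;) {
        uint8_t l;
        if (off >= len) return fail(name, Q_FORMERR);
        if ((l = pkt[off++]) == 0) break;  /* root label ends the name */
        /* l > 63 also rejects compression pointers, unexpected in a question */
        if (l > 63 || off + l > len || n + l + 1 > 255) return fail(name, Q_FORMERR);
        memcpy(name + n, pkt + off, l);
        n += l; off += l;
        name[n++] = '.';
    }
    name[n] = '\0';
    if (off + 4 > len) return fail(name, Q_FORMERR);
    qtype  = (uint16_t)((pkt[off] << 8) | pkt[off + 1]);
    qclass = (uint16_t)((pkt[off + 2] << 8) | pkt[off + 3]);
    if (!qtype_ok(qtype) || !qclass_ok(qclass)) return fail(name, Q_NOTIMP);
    *name_out = name;
    return Q_OK;
}

/* Constructed samples: header, name "a", then QTYPE and QCLASS. */
static const uint8_t q_ok[]  = {0,1, 1,0, 0,1, 0,0, 0,0, 0,0, 1,'a',0, 0,1, 0,1};
static const uint8_t q_bad[] = {0,1, 1,0, 0,1, 0,0, 0,0, 0,0, 1,'a',0, 0xff,1, 0,9};
```

Replaying the rejected sample many times and checking that live_allocs returns to zero is the regression test for this kind of leak.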

Impact: A remote user can cause denial of service conditions on the target system.

Solution: The vendor has issued a fixed version (1.2.4), available at:
http://www.phys.uu.nl/~rombouts/pdnsd/dl.html

Vendor URL: www.phys.uu.nl/~rombouts/pdnsd.html

Cause: Exception handling error, Input validation error

Underlying OS: Linux (Any), UNIX (Any)

Message History:
None.