MyDNS Can Be Crashed By Remote Users Sending a 'Query-of-Death' Request
|
|
SecurityTracker Alert ID: 1015990
|
|
SecurityTracker URL: http://securitytracker.com/id?1015990
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Apr 26 2006
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 1.1.0
|
Description: A vulnerability was reported in MyDNS. A remote user can cause denial of service conditions.
A remote user can send specially crafted data as part of a "query-of-death" attack to cause the target service to crash.
The vulnerability
was discovered using the PROTOS DNS Test Tool created by the Oulu University Secure Programming Group (OUSPG) from the University
of Oulu in Finland. The tests generate invalid and/or abnormal packets.
The vulnerability was disclosed by the UK NISCC. The
NISCC advisory is available at:
http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en
|
Impact: A remote user can cause denial of service conditions.
|
Solution: The vendor has issued a fixed version (1.1.0), available at:
http://mydns.bboy.net/download/
|
Vendor URL: mydns.bboy.net/ (Links to External Site)
|
Cause: Exception handling error, Input validation error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
