DeleGate Can Be Crashed By Remote Systems Returning Specially Crafted DNS Responses
|
|
SecurityTracker Alert ID: 1015991
|
|
SecurityTracker URL: http://securitytracker.com/id?1015991
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Apr 26 2006
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 8.11.5 (STABLE) and prior versions, 9.0.5 (DEVELOPMENT) and prior versions
|
Description: A vulnerability was reported in DeleGate. A remote system can cause denial of service conditions.
A remote DNS server can send a specially crafted message in reponse to a query to cause the target service to crash.
When running
as a DNS proxy, ICP server, and UDP-relay, the system may be affected.
Versions prior to 8.10.3 may have a more serious impact
than denial of service.
The vulnerability was discovered using the PROTOS DNS Test Tool created by the Oulu University Secure
Programming Group (OUSPG) from the University of Oulu in Finland. The tests generate invalid and/or abnormal packets.
The vulnerability
was disclosed by the UK NISCC. The NISCC advisory is available at:
http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en
|
Impact: A remote user can cause denial of service conditions.
|
Solution: The vendor has issued fixed versions (8.11.6, 9.0.6), available at:
http://www.delegate.org/delegate/download/
|
Vendor URL: www.delegate.org/delegate/ (Links to External Site)
|
Cause: Exception handling error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
