Multiple vendor DNS implementation response denial of service
dns-response-dos (17996)
Description:
Multiple vendors' implementations of the DNS (Domain Name System) protocol are vulnerable to a denial of service attack. If an implementation sends a response when it receives a response, a remote attacker in control of a malicious server could cause messages to bounce continuously between the servers, resulting in a denial of service.
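The loop described above, modelled in memory beside the corrected behaviour, as an added example that is not code from any of the affected products. The names `dns_handle` and `bounce_count` are hypothetical, the sample headers are constructed, and the header-only FORMERR reply stands in for whatever the server would actually send.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12
#define DNS_FLAG_QR 0x80   /* header byte 2, top bit: 0 = query, 1 = response */

/* Handle one datagram; write any reply into out (>= 12 bytes) and return its
 * length, or 0 when nothing is sent. check_qr = 0 models the flawed behaviour
 * described above; check_qr = 1 is the corrected behaviour. */
size_t dns_handle(const uint8_t *pkt, size_t len, uint8_t *out, int check_qr)
{
    if (pkt == NULL || len < DNS_HDR_LEN)
        return 0;                          /* runt: drop, never send an error */
    if (check_qr && (pkt[2] & DNS_FLAG_QR))
        return 0;                          /* a response never earns a reply */
    memset(out, 0, DNS_HDR_LEN);
    out[0] = pkt[0]; out[1] = pkt[1];      /* echo the transaction ID */
    out[2] = DNS_FLAG_QR;                  /* mark our message as a response */
    out[3] = 1;                            /* RCODE 1 (FORMERR), stand-in reply */
    return DNS_HDR_LEN;
}

/* Pass one initial message back and forth between two servers running
 * dns_handle() and count the datagrams sent, stopping at cap. */
unsigned bounce_count(const uint8_t *first, size_t len, int check_qr, unsigned cap)
{
    uint8_t a[DNS_HDR_LEN], b[DNS_HDR_LEN];
    const uint8_t *in = first;
    uint8_t *out = a;
    unsigned sent = 0;
    while (sent < cap && (len = dns_handle(in, len, out, check_qr)) != 0) {
        sent++;
        in = out;
        out = (out == a) ? b : a;          /* the other server replies next */
    }
    return sent;
}

/* Constructed sample headers (ID 0x1234), not captured traffic. */
const uint8_t sample_query[12]    = {0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0};
const uint8_t sample_response[12] = {0x12, 0x34, 0x81, 0x80, 0, 1, 0, 1, 0, 0, 0, 0};

int main(void)
{
    printf("flawed: %u, fixed: %u\n", bounce_count(sample_response, 12, 0, 1000),
           bounce_count(sample_response, 12, 1, 1000));
    return 0;
}
```

Without the QR check the exchange only stops at the cap; with it, a response is never answered and a query is answered exactly once.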
Platforms Affected:
- AXIS, 2100 Network Camera 2.42
- AXIS, 2110 Network Camera 2.42
- AXIS, 2120 Network Camera 2.42
- AXIS, 2400+ Network Video Server 3.13
- AXIS, 2401+ Network Video Server 3.13
- AXIS, 2420 Network Camera 2.42
- AXIS, 2460 Network DVR 3.13
- DNRD, DNRD prior to 2.11
- Men & Mice, QuickDNS Server prior to 2.2.3
- Men & Mice, QuickDNS Server prior to 3.5.2
- Posadis, Poslib prior to 1.0.2-1
Remedy:
For Axis:
Apply the latest firmware version, available from the Axis Firmware Technical Support Web page. See References.
For DNRD:
Upgrade to the latest version of DNRD (2.11 or later), available from the SourceForge.net Web site. See References.
For QuickDNS Server prior to 2.2.3:
Upgrade to the latest version of QuickDNS Server (2.2.3 or later), available from the Men and Mice FTP site. See References.
For QuickDNS Server prior to 3.5.2:
Upgrade to the latest version of QuickDNS Server (3.5.2 or later), available from the Men and Mice FTP site. See References.
For Poslib:
Upgrade to the latest version of Poslib (1.0.2-1 or later), available from the Posadis Download Web page. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
Consequences:
Denial of Service
References:
- Axis Firmware Technical Support Web page, Axis Firmware at http://www.axis.com/techsup/firmware.php AXIS Network Scan Server: 1.14 and earlier.
- Men and Mice FTP site, FTP site at ftp://ftp.menandmice.com/pub/qdns/.
- NISCC Vulnerability Advisory 758884/NISCC/DNS, Vulnerability Issues in Implementations of the DNS Protocol at http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en.
- Poslib multiple vulnerabilities fix [23-12-2003], Poslib advisory at http://www.posadis.org/security/pos_adv_006.txt.
- BID-11642: Multiple Vendor DNS Response Flooding Denial Of Service Vulnerability
- CVE-2004-0789: Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.
- SA13145: Axis Products DNS Implementation Denial of Service Vulnerability
- SECTRACK ID: 1012157: Axis Network Camera DNS Loopback Error Lets Remote Users Deny Service
Reported:
Nov 09, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
