Multiple vendor DNS implementation response denial of service

dns-response-dos (17996) The risk level is classified as Medium Risk

Description:

Multiple vendors' implementations of the DNS (Domain Name System) protocol are vulnerable to a denial of service attack. If an implementation sends a response when it receives a response, a remote attacker in control of a malicious server could cause messages to bounce continuously between the servers, resulting in a denial of service.
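
An added illustration of the loop described above (not code from X-Force or any affected vendor): two in-memory handlers pass header-only DNS messages back and forth, first replying to everything, then dropping any message whose QR bit marks it as a response. The handler names, the FORMERR reply and the sample packet are assumptions made for this example.

```python
import struct

QR_BIT = 0x8000  # top bit of the 16-bit flags word: 0 = query, 1 = response
HEADER = struct.Struct("!HHHHHH")  # id, flags, qdcount, ancount, nscount, arcount


def is_response(packet: bytes) -> bool:
    """True when the DNS header marks the message as a response (QR = 1)."""
    _id, flags, *_ = HEADER.unpack_from(packet)
    return bool(flags & QR_BIT)


def build_reply(packet: bytes, rcode: int = 1) -> bytes:
    """Header-only reply echoing the message ID, QR set, RCODE 1 (FORMERR)."""
    msg_id = struct.unpack_from("!H", packet)[0]
    return HEADER.pack(msg_id, QR_BIT | rcode, 0, 0, 0, 0)


def naive_handle(packet: bytes):
    """Flawed behaviour from the description: answers whatever arrives."""
    if len(packet) < HEADER.size:
        return None
    return build_reply(packet)


def hardened_handle(packet: bytes):
    """Corrected behaviour: a message that is itself a response is dropped."""
    if len(packet) < HEADER.size or is_response(packet):
        return None
    return build_reply(packet)


def count_bounces(handler_a, handler_b, first_packet: bytes, limit: int = 1000) -> int:
    """Pass messages between two in-memory handlers; return how many were sent."""
    handlers, packet, sent = (handler_a, handler_b), first_packet, 0
    while packet is not None and sent < limit:
        packet = handlers[sent % 2](packet)
        if packet is not None:
            sent += 1
    return sent


# Constructed sample: a header-only message with QR = 1 and ID 0x1234.
SAMPLE_RESPONSE = HEADER.pack(0x1234, QR_BIT, 0, 0, 0, 0)

if __name__ == "__main__":
    print("naive pair:   ", count_bounces(naive_handle, naive_handle, SAMPLE_RESPONSE))
    print("hardened pair:", count_bounces(hardened_handle, hardened_handle, SAMPLE_RESPONSE))
```

The naive pair runs until the simulation's limit stops it, while a single hardened peer on either side ends the exchange after at most one message.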


Consequences:

Denial of Service

Remedy:

For Axis:
Apply the latest firmware version, available from the Axis Firmware Technical Support Web page. See References.

For DNRD:
Upgrade to the latest version of DNRD (2.11 or later), available from the SourceForge.net Web site. See References.

For QuickDNS Server prior to 2.2.3:
Upgrade to the latest version of QuickDNS Server (2.2.3 or later), available from the Men and Mice FTP site. See References.

For QuickDNS Server prior to 3.5.2:
Upgrade to the latest version of QuickDNS Server (3.5.2 or later), available from the Men and Mice FTP site. See References.

For Poslib:
Upgrade to the latest version of Poslib (1.0.2-1 or later), available from the Posadis Download Web page. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

Platforms Affected:

  • AXIS 2100 Network Camera 2.42
  • AXIS 2110 Network Camera 2.42
  • AXIS 2120 Network Camera 2.42
  • AXIS 2400+ Network Video Server 3.13
  • AXIS 2401+ Network Video Server 3.13
  • AXIS 2420 Network Camera 2.42
  • AXIS 2460 Network DVR 3.13
  • DNRD DNRD prior to 2.11
  • Men & Mice QuickDNS Server prior to 2.2.3
  • Men & Mice QuickDNS Server prior to 3.5.2
  • Posadis Poslib prior to 1.0.2-1

Reported:

Nov 09, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
