Multiple vendor DNS implementation localhost query denial of service
dns-localhost-dos (17997)
Description:
Multiple vendor implementations of the DNS (Domain Name System) protocol are vulnerable to a denial of service attack. A remote attacker could send a DNS query to UDP port 53 whose source address is spoofed to the server's own localhost address and whose source port is 53. The server's reply is then delivered to its own listening socket, where it is treated as a new query and answered again, so the server continues to respond to itself. Implementations that answer response packets as if they were queries can be put into the same loop by a single spoofed response (see CVE-2004-0789). The loop consumes CPU and network bandwidth, resulting in a denial of service.
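The two conditions that break this loop on the server side are the ones the fixed implementations apply: never answer a packet whose QR bit marks it as a response, and never answer a query that claims to originate from the server's own port 53 (a reply to such a query would land back in the listening socket). The following is an added example, not code from any of the affected products; the server address 198.51.100.5 and the client addresses are constructed documentation-range values, and the sample packets are built inline.

```python
import ipaddress
import struct

# Constructed: the addresses this hypothetical server listens on (RFC 5737 range).
SERVER_ADDRS = {"198.51.100.5"}
DNS_PORT = 53


def build_dns_packet(txid, qr, qname="example.com"):
    """Build a minimal DNS header plus one A/IN question.

    qr=0 produces a query, qr=1 a response (QR is the top bit of the flags word).
    """
    flags = (qr << 15) | (1 << 8)  # QR bit, RD set
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = b"".join(bytes([len(label)]) + label.encode() for label in qname.split("."))
    question += b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def should_answer(src_ip, src_port, payload, server_addrs=SERVER_ADDRS):
    """Decide whether a datagram received on UDP/53 may be processed as a query.

    Returns (True, "ok") or (False, reason). The two rejections that matter for
    the self-directed loop are the QR check and the own-address/port-53 check.
    """
    if len(payload) < 12:
        return False, "truncated DNS header"
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    qr = flags >> 15
    if qr == 1:
        # A response is never answered, so a response cannot trigger a response
        # (CVE-2004-0789 variant b) and our own reply, if it ever comes back,
        # is ignored rather than treated as a fresh query.
        return False, "response packet, not a query"
    addr = ipaddress.ip_address(src_ip)
    if (addr.is_loopback or src_ip in server_addrs) and src_port == DNS_PORT:
        # Our reply would be sent to our own listening socket: the loop case
        # (CVE-2004-0789 variant a, spoofed localhost source on port 53).
        return False, "query claims to come from our own port 53"
    if qdcount == 0:
        return False, "no question section"
    return True, "ok"


def demo():
    """Run the check over constructed packets; returns the accept/reject list."""
    cases = [
        ("192.0.2.10", 40000, build_dns_packet(0x1234, 0)),    # ordinary client query
        ("127.0.0.1", 53, build_dns_packet(0x1234, 0)),        # spoofed localhost, port 53
        ("198.51.100.5", 53, build_dns_packet(0x1234, 0)),     # spoofed own address, port 53
        ("192.0.2.10", 53, build_dns_packet(0x1234, 1)),       # response that would trigger a response
        ("127.0.0.1", 41000, build_dns_packet(0x1234, 0)),     # local stub resolver, ephemeral port
    ]
    return [should_answer(ip, port, pkt)[0] for ip, port, pkt in cases]


if __name__ == "__main__":
    for ok, (ip, port, pkt) in zip(demo(), [
        ("192.0.2.10", 40000, b""), ("127.0.0.1", 53, b""),
        ("198.51.100.5", 53, b""), ("192.0.2.10", 53, b""), ("127.0.0.1", 41000, b""),
    ]):
        print(f"{ip}:{port} -> {'answer' if ok else 'drop'}")
```

The last case is kept deliberately: a query from the loopback address on an ephemeral port is what a local stub resolver sends, and rejecting it would break legitimate local lookups, so the check keys on the combination of own address and port 53 rather than on the loopback address alone. Packets carrying a loopback source address that arrive on an external interface are spoofed by definition and are better dropped by an ingress anti-spoofing filter in front of the server as well.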
Consequences:
Denial of Service
Remedy:
For Axis:
Apply the latest firmware version, available from the Axis Firmware Technical Support Web page. See References.
For DNRD:
Upgrade to the latest version of DNRD (2.11 or later), available from the SourceForge.net Web site. See References.
For QuickDNS Server 2.2.x prior to 2.2.3:
Upgrade to the latest 2.2.x version of QuickDNS Server (2.2.3 or later), available from the Men and Mice FTP site. See References.
For QuickDNS Server 3.5.x prior to 3.5.2:
Upgrade to the latest 3.5.x version of QuickDNS Server (3.5.2 or later), available from the Men and Mice FTP site. See References.
For Poslib:
Upgrade to the latest version of Poslib (1.0.2-1 or later), available from the Posadis Download Web page. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- Axis Firmware Technical Support Web page: Axis Firmware.
- Men and Mice FTP site: FTP site.
- NISCC Vulnerability Advisory 758884/NISCC/DNS: Vulnerability Issues in Implementations of the DNS Protocol.
- Poslib multiple vulnerabilities fix [23-12-2003]: Poslib advisory.
- BID-11642: Multiple Vendor DNS Response Flooding Denial Of Service Vulnerability
- CVE-2004-0789: Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.
- SA13145: Axis Products DNS Implementation Denial of Service Vulnerability
- SECTRACK ID: 1012157: Axis Network Camera DNS Loopback Error Lets Remote Users Deny Service
Platforms Affected:
- AXIS 2100 Network Camera 2.42
- AXIS 2110 Network Camera 2.42
- AXIS 2120 Network Camera 2.42
- AXIS 2400+ Network Video Server 3.13
- AXIS 2401+ Network Video Server 3.13
- AXIS 2420 Network Camera 2.42
- AXIS 2460 Network DVR 3.13
Reported:
Nov 09, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
