Multiple vendor DNS request handling issues discovered using the PROTOS DNS Test Suite

dns-improper-request-handling (26081). The risk level is classified as High.

Description:

Various vendor implementations of the Domain Name System (DNS) protocol have multiple remote vulnerabilities caused by improper handling of invalid or specially crafted DNS queries, dynamic updates, responses, and zone transfer requests. These vulnerabilities, which were discovered using the PROTOS DNS Test Suite, could allow a remote attacker to execute code on the affected system.

Platforms Affected:

  • DeleGate, DeleGate 8.11.5 and prior
  • DeleGate, DeleGate 9.0.5 and prior
  • Don Moore, MyDNS prior to 1.1.0
  • FUJITSU, NetShelter/FW E11L
  • FUJITSU, NetShelter/FW E12L
  • FUJITSU, NetShelter/FW-L
  • FUJITSU, NetShelter/FW-M
  • FUJITSU, NetShelter/FW-P
  • Furukawa, FITELnet E20/E30
  • Furukawa, FITELnet F100
  • Furukawa, FITELnet F1000
  • Furukawa, FITELnet F120
  • Furukawa, FITELnet F40
  • Furukawa, FITELnet F80
  • Furukawa, MUCHO EV/PK
  • Gentoo, Linux
  • ISC, BIND 4
  • ISC, BIND 4.9
  • ISC, BIND 4.9.10
  • ISC, BIND 4.9.2
  • ISC, BIND 4.9.3
  • ISC, BIND 4.9.4
  • ISC, BIND 4.9.5
  • ISC, BIND 4.9.5 P1
  • ISC, BIND 4.9.6
  • ISC, BIND 4.9.7
  • ISC, BIND 4.9.8
  • ISC, BIND 4.9.9
  • ISC, BIND 8
  • ISC, BIND 8.1
  • ISC, BIND 8.1.1
  • ISC, BIND 8.1.2
  • ISC, BIND 8.2 P1
  • ISC, BIND 8.2
  • ISC, BIND 8.2.1
  • ISC, BIND 8.2.2 P3
  • ISC, BIND 8.2.2 P5
  • ISC, BIND 8.2.2 P7
  • ISC, BIND 8.2.2 P1
  • ISC, BIND 8.2.2
  • ISC, BIND 8.2.2 P2
  • ISC, BIND 8.2.2 P4
  • ISC, BIND 8.2.2 P6
  • ISC, BIND 8.2.3
  • ISC, BIND 8.2.3_t1a
  • ISC, BIND 8.2.3_t9b
  • ISC, BIND 8.2.4
  • ISC, BIND 8.2.5
  • ISC, BIND 8.2.6
  • ISC, BIND 8.2.7
  • ISC, BIND 8.3.0
  • ISC, BIND 8.3.1
  • ISC, BIND 8.3.2
  • ISC, BIND 8.3.3
  • ISC, BIND 8.3.4
  • ISC, BIND 8.3.5
  • ISC, BIND 8.3.6
  • ISC, BIND 8.4
  • ISC, BIND 8.4.1
  • ISC, BIND 8.4.4
  • ISC, BIND 8.4.5
  • ISC, BIND 8.4.7
  • ISC, BIND 9.2.0
  • ISC, BIND 9.2.1
  • ISC, BIND 9.2.2
  • ISC, BIND 9.2.3
  • ISC, BIND 9.2.4
  • ISC, BIND 9.2.5
  • ISC, BIND 9.2.6
  • ISC, BIND 9.2.7
  • ISC, BIND 9.2.8
  • ISC, BIND 9.3
  • ISC, BIND 9.3.0
  • ISC, BIND 9.3.1
  • ISC, BIND 9.3.2
  • ISC, BIND 9.3.3
  • ISC, BIND 9.3.4
  • Juniper, JUNOS E
  • Paul A. Rombouts, pdnsd prior to 1.2.4

Remedy:

Refer to NISCC Vulnerability Advisory 144154/NISCC/DNS for vendor specific patch or upgrade information. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2006-05-10 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Gain Access

References:

  • DeleGate Web site, DeleGate Home Page (www.delegate.org) at http://www.delegate.org/delegate/.
  • Internet Software Consortium, Inc. Web site, ISC BIND at http://www.isc.org/index.pl?/sw/bind/.
  • NISCC Vulnerability Advisory 144154/NISCC/DNS, Vulnerability Issues in Implementations of the DNS Protocol at http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en.
  • pdnsd Web page, pdnsd maintenance page by Paul Rombouts at http://www.phys.uu.nl/~rombouts/pdnsd.html.
  • BID-16431: MyDNS DNS Query Denial Of Service Vulnerability
  • BID-17691: DeleGate DNS Response Denial Of Service Vulnerability
  • BID-17692: ISC BIND TSIG Zone Transfer Denial Of Service Vulnerability
  • BID-17693: Juniper JUNOSe DNS Client Denial Of Service Vulnerability
  • BID-17694: Paul A. Rombouts PDNSD DNS Query Denial Of Service Vulnerability
  • BID-17710: Multiple FITELnet Products Unspecified DNS Handling Vulnerabilities
  • BID-17720: Paul A. Rombouts PDNSD Unspecified Buffer Overflow Vulnerability
  • BID-17791: Fujitsu NetShelter Unspecified DNS Denial Of Service Vulnerability
  • CVE-2006-2072: Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite.
  • CVE-2006-2073: Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a broken TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.
  • CVE-2006-2074: Unspecified vulnerability in Juniper Networks JUNOSe E-series routers before 7-1-1 has unknown impact and remote attack vectors related to the DNS client code.
  • CVE-2006-2075: Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to cause a denial of service via a crafted DNS message, aka Query-of-death.
  • CVE-2006-2076: Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attackers to cause a denial of service (memory consumption) via a DNS query with an unsupported (1) QTYPE or (2) QCLASS, as demonstrated by the OUSPG PROTOS DNS test suite.
  • CVE-2006-2077: Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact and attack vectors. NOTE: this issue might be related to the OUSPG PROTOS DNS test suite.
  • CVE-2006-2078: Multiple unspecified vulnerabilities in multiple FITELnet products, including FITELnet-F40, F80, F100, F120, F1000, and E20/E30, allow remote attackers to cause a denial of service via crafted DNS messages that trigger errors in (1) ProxyDNS or (2) PKI-Resolver, as demonstrated by the OUSPG PROTOS DNS test suite.
  • CVE-2006-2240: Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite.
  • GLSA-200605-10: pdnsd: Denial of Service and potential arbitrary code execution
  • SA19750: DeleGate DNS Query Handling Denial of Service
  • SA19808: BIND Zone Transfer TSIG Handling Denial of Service
  • SA19820: FITELnet Products DNS Handling Vulnerability
  • SA19822: Juniper Networks JUNOSe DNS Response Handling Vulnerability
  • SA19835: pdnsd DNS Query Handling Memory Leak Vulnerability
  • SA19894: Fujitsu NetShelter/FW DNS Handling Denial of Service
  • SECTRACK ID: 1015989: pdnsd Bug in Processing ADNS Queries Lets Remote Users Deny Service
  • SECTRACK ID: 1015990: MyDNS Can Be Crashed By Remote Users Sending a `Query-of-Death` Request
  • SECTRACK ID: 1015991: DeleGate Can Be Crashed By Remote Systems Returning Specially Crafted DNS Responses
  • SECTRACK ID: 1015992: JUNOSe DNS Response Bug Lets Remote Users Deny Service
  • SECTRACK ID: 1015993: BIND Can Be Crashed By Remote Users Sending a Broken TSIG
  • US-CERT VU#955777: Multiple vulnerabilities in DNS implementations
  • VUPEN/ADV-2006-1505: Domain Name System (DNS) Protocol Implementations Multiple Vulnerabilities
  • VUPEN/ADV-2006-1506: DeleGate Domain Name System (DNS) Protocol Denial of Service Vulnerability
  • VUPEN/ADV-2006-1526: Juniper Networks JUNOSe DNS Response Handling Denial of Service Vulnerability
  • VUPEN/ADV-2006-1528: pdnsd Domain Name System (DNS) Query Handling Memory Leak Vulnerability
  • VUPEN/ADV-2006-1536: FITELnet Products DNS Requests Handling Denial of Service Vulnerability
  • VUPEN/ADV-2006-1537: ISC BIND Zone Transfer TSIG Handling Remote Denial of Service Vulnerability

Reported:

Apr 25, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
