Vulnerabilities > CVE-2005-0037 - Remote Denial of Service vulnerability in Multiple Vendor DNS Message Decompression

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

dnrd

NVD

Published: 2005-12-31

Updated: 2008-09-05

Summary

The DNS implementation of DNRD before 2.10 allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. This vulnerability is addressed in the following product release: dnrd, dnrd, 2.10

Vulnerable Configurations

Part	Description	Count
Application	Dnrd Dnrd Dnrd 1.0 Dnrd Dnrd 1.1 Dnrd Dnrd 1.2 Dnrd Dnrd 1.3 Dnrd Dnrd 1.4 Dnrd Dnrd 2.0 Dnrd Dnrd 2.1 Dnrd Dnrd 2.2 Dnrd Dnrd 2.3 Dnrd Dnrd 2.4 Dnrd Dnrd 2.5 Dnrd Dnrd 2.6 Dnrd Dnrd 2.7 Dnrd Dnrd 2.8 Dnrd Dnrd 2.9	15

References

http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en
http://www.osvdb.org/25291
http://www.securityfocus.com/bid/13729