Vulnerabilities > CVE-2006-2072 - Denial Of Service vulnerability in DeleGate DNS Response

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
delegate
nessus
NVD
Published: 2006-04-27
Updated: 2017-07-20

Summary

Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite.

Vulnerable Configurations

Part Description Count
Application
Delegate
36

Nessus

NASL familyFirewalls
NASL idDELEGATE_DNS.NASL
descriptionThe remote host is running Delegate, a multi-application proxy. The remote version of this software is vulnerable to a denial of service when processing invalid DNS responses. An attacker may exploit this flaw to disable this service remotely. To exploit this flaw, an attacker would need to be able to inject malformed DNS responses to the queries sent by the remote application.
last seen2020-06-01
modified2020-06-02
plugin id21293
published2006-04-26
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/21293
titleDeleGate DNS Response Message DoS
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(21293);
 script_version ("1.14");

 script_cve_id("CVE-2006-2072");
 script_bugtraq_id(17691);

 script_name(english:"DeleGate DNS Response Message DoS");
 
 script_set_attribute(attribute:"synopsis", value:
"A rogue DNS server may crash the remote proxy." );
 script_set_attribute(attribute:"description", value:
"The remote host is running Delegate, a multi-application proxy.

The remote version of this software is vulnerable to a denial of service
when processing invalid DNS responses. An attacker may exploit this flaw to
disable this service remotely.

To exploit this flaw, an attacker would need to be able to inject malformed
DNS responses to the queries sent by the remote application." );
 script_set_attribute(attribute:"solution", value:
"Upgrade to DeleGate 8.11.6 or newer." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2006/04/26");
 script_set_attribute(attribute:"vuln_publication_date", value: "2006/04/25");
 script_cvs_date("Date: 2018/07/10 14:27:33");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
 script_summary(english:"Detetermines the version of the remote DeleGate proxy"); 
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
 script_family(english:"Firewalls"); 
 script_dependencie("http_version.nasl");
 script_require_ports("Services/http_proxy", 8080);
 exit(0);
}

#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_kb_item("Services/www");
if(!port) port = 8080;

if(get_port_state(port))
{
   banner = get_http_banner(port:port);
   if ( banner && "DeleGate/" >< banner )
   {
   serv = egrep(string:banner, pattern:"^Server:");
   if(ereg(pattern:"^Server:.*DeleGate/[0-7]\.|8\.([0-9]\.|10\.|11\.[0-5][^0-9])", string:serv, icase:TRUE)) security_warning(port);
   }
}

References