Vulnerabilities > CVE-2006-2076 - Denial Of Service vulnerability in Paul A. Rombouts PDNSD DNS Query

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
pdnsd
nessus
NVD
Published: 2006-04-27
Updated: 2017-07-20

Summary

Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attackers to cause a denial of service (memory consumption) via a DNS query with an unsupported (1) QTYPE or (2) QCLASS, as demonstrated by the OUSPG PROTOS DNS test suite.

Vulnerable Configurations

Part Description Count
Application
Pdnsd
18

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-200605-10.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-200605-10 (pdnsd: Denial of Service and potential arbitrary code execution) The pdnsd team has discovered an unspecified buffer overflow vulnerability. The PROTOS DNS Test Suite, by the Oulu University Secure Programming Group (OUSPG), has also revealed a memory leak error within the handling of the QTYPE and QCLASS DNS queries, leading to consumption of large amounts of memory. Impact : An attacker can craft malicious DNS queries leading to a Denial of Service, and potentially the execution of arbitrary code. Workaround : There is no known workaround at this time.
last seen2020-06-01
modified2020-06-02
plugin id21352
published2006-05-13
reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/21352
titleGLSA-200605-10 : pdnsd: Denial of Service and potential arbitrary code execution
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200605-10.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(21352);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:43");

  script_cve_id("CVE-2006-2076", "CVE-2006-2077");
  script_xref(name:"GLSA", value:"200605-10");

  script_name(english:"GLSA-200605-10 : pdnsd: Denial of Service and potential arbitrary code execution");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200605-10
(pdnsd: Denial of Service and potential arbitrary code execution)

    The pdnsd team has discovered an unspecified buffer overflow
    vulnerability. The PROTOS DNS Test Suite, by the Oulu University Secure
    Programming Group (OUSPG), has also revealed a memory leak error within
    the handling of the QTYPE and QCLASS DNS queries, leading to
    consumption of large amounts of memory.
  
Impact :

    An attacker can craft malicious DNS queries leading to a Denial of
    Service, and potentially the execution of arbitrary code.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200605-10"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All pdnsd users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=net-dns/pdnsd-1.2.4-r1'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:pdnsd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/01/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"net-dns/pdnsd", unaffected:make_list("ge 1.2.4"), vulnerable:make_list("lt 1.2.4"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdnsd");
}

References