Vulnerabilities > CVE-2006-2076 - Denial Of Service vulnerability in Paul A. Rombouts PDNSD DNS Query
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attackers to cause a denial of service (memory consumption) via a DNS query with an unsupported (1) QTYPE or (2) QCLASS, as demonstrated by the OUSPG PROTOS DNS test suite.
Vulnerable Configurations
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200605-10.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200605-10 (pdnsd: Denial of Service and potential arbitrary code execution) The pdnsd team has discovered an unspecified buffer overflow vulnerability. The PROTOS DNS Test Suite, by the Oulu University Secure Programming Group (OUSPG), has also revealed a memory leak error within the handling of the QTYPE and QCLASS DNS queries, leading to consumption of large amounts of memory. Impact : An attacker can craft malicious DNS queries leading to a Denial of Service, and potentially the execution of arbitrary code. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21352 |
published | 2006-05-13 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21352 |
title | GLSA-200605-10 : pdnsd: Denial of Service and potential arbitrary code execution |
code |
|
References
- http://secunia.com/advisories/19835
- http://secunia.com/advisories/20055
- http://securitytracker.com/id?1015989
- http://www.gentoo.org/security/en/glsa/glsa-200605-10.xml
- http://www.kb.cert.org/vuls/id/955777
- http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en
- http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en
- http://www.phys.uu.nl/~rombouts/pdnsd.html
- http://www.securityfocus.com/bid/17694
- http://www.vupen.com/english/advisories/2006/1505
- http://www.vupen.com/english/advisories/2006/1528
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26081