var-200604-0574
Vulnerability from variot
Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite. Numerous vulnerabilities have been reported in various Domain Name System (DNS) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause a DNS implementation to behave in an unstable/unpredictable manner. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ In multiple products DNS For protocol implementation, DNS There are deficiencies due to protocol specifications, and certain DNS There are problems that cause memory area corruption and buffer overflow when packets are processed. Depending on the product implementation, the impact will vary, but if exploited by a remote attacker, DNS A service that processes packets or an application may go out of service. The discoverer also suggests the possibility of arbitrary code execution.Please refer to the “Overview” for the impact of this vulnerability. There are several unexplained vulnerabilities in the 9.x series prior to DeleGate 9.0.6 and the 8.x series prior to 8.11.6. The vendor has addressed this issue in versions 8.11.6 and 9.0.6; earlier versions are vulnerable. ISC BIND is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the application to properly handle malformed TSIG (Secret Key Transaction Authentication for DNS) replies. To exploit this issue, attackers must be able to send messages with a correct TSIG during a zone transfer. This limits the potential for remote exploits significantly. An attacker can exploit this issue to crash the affected service, effectively denying service to legitimate users.
TITLE: DeleGate DNS Query Handling Denial of Service
SECUNIA ADVISORY ID: SA19750
VERIFY ADVISORY: http://secunia.com/advisories/19750/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: DeleGate 8.x http://secunia.com/product/1237/
DESCRIPTION: A vulnerability has been reported in DeleGate, which can be exploited by malicious people to cause a DoS (Denial of Service). This can lead to out-of-bounds memory accesses and infinite recursive function calls, which causes the process to stop responding to requests.
The vulnerability has been reported in version 8.11.5 and prior (stable), and in version 9.0.5 and prior (development).
SOLUTION: Update to version 8.11.6 or later. http://www.delegate.org/delegate/download/
The vulnerability has also been fixed in development version 9.0.6.
PROVIDED AND/OR DISCOVERED BY: Reported by vendor based on DNS Test Tool created by Oulu University Secure Programming Group.
ORIGINAL ADVISORY: NISCC: http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200604-0574",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "7.7.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "7.7.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "7.8.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "7.8.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "7.8.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "7.9.11"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "8.10"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "9.0.5"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "9.0.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "9.0.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "9.0.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "9.0.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "9.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "8.9.6"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "8.9.5"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "8.9.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "8.5.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.11.5"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.11.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.11.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.11.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.11.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.11"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.10.6"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.10.5"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.10.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.10.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.10.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.10.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.4.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.3.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.3.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openwall gnu linux",
"version": null
},
{
"model": "delegate",
"scope": "lte",
"trust": 0.8,
"vendor": "delegate",
"version": "8.11.5"
},
{
"model": "delegate",
"scope": "lte",
"trust": 0.8,
"vendor": "delegate",
"version": "9.0.5"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "9.0.6"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.11.6"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "9.3.2"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "9.3.1"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "9.3"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "9.2.3"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "9.2.2"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "9.2.1"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "9.2"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "9.1.3"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "9.1.2"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "9.1.1"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "9.1"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "9.0.1"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "9.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#955777"
},
{
"db": "CNVD",
"id": "CNVD-2006-2722"
},
{
"db": "BID",
"id": "17691"
},
{
"db": "BID",
"id": "17692"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000242"
},
{
"db": "NVD",
"id": "CVE-2006-2072"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-533"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:7.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:7.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.10.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.10.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:7.9.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:9.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:7.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:7.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.10.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.10.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.11.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:9.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:9.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:7.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:8.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:9.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:delegate:delegate:9.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2072"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This issue was discovered by the PROTOS DNS Test Suite, which was developed by the Oulu University Secure Programming Group (OUSPG).",
"sources": [
{
"db": "BID",
"id": "17691"
},
{
"db": "BID",
"id": "17692"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-533"
}
],
"trust": 1.2
},
"cve": "CVE-2006-2072",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2006-2072",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2006-2722",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-2072",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#955777",
"trust": 0.8,
"value": "19.13"
},
{
"author": "CNVD",
"id": "CNVD-2006-2722",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200604-533",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#955777"
},
{
"db": "CNVD",
"id": "CNVD-2006-2722"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000242"
},
{
"db": "NVD",
"id": "CVE-2006-2072"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-533"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite. Numerous vulnerabilities have been reported in various Domain Name System (DNS) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause a DNS implementation to behave in an unstable/unpredictable manner. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ In multiple products DNS For protocol implementation, DNS There are deficiencies due to protocol specifications, and certain DNS There are problems that cause memory area corruption and buffer overflow when packets are processed. Depending on the product implementation, the impact will vary, but if exploited by a remote attacker, DNS A service that processes packets or an application may go out of service. The discoverer also suggests the possibility of arbitrary code execution.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. There are several unexplained vulnerabilities in the 9.x series prior to DeleGate 9.0.6 and the 8.x series prior to 8.11.6. \nThe vendor has addressed this issue in versions 8.11.6 and 9.0.6; earlier versions are vulnerable. ISC BIND is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the application to properly handle malformed TSIG (Secret Key Transaction Authentication for DNS) replies. \nTo exploit this issue, attackers must be able to send messages with a correct TSIG during a zone transfer. This limits the potential for remote exploits significantly. \nAn attacker can exploit this issue to crash the affected service, effectively denying service to legitimate users. \n\nTITLE:\nDeleGate DNS Query Handling Denial of Service\n\nSECUNIA ADVISORY ID:\nSA19750\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19750/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nDeleGate 8.x\nhttp://secunia.com/product/1237/\n\nDESCRIPTION:\nA vulnerability has been reported in DeleGate, which can be exploited\nby malicious people to cause a DoS (Denial of Service). This can lead to out-of-bounds memory\naccesses and infinite recursive function calls, which causes the\nprocess to stop responding to requests. \n\nThe vulnerability has been reported in version 8.11.5 and prior\n(stable), and in version 9.0.5 and prior (development). \n\nSOLUTION:\nUpdate to version 8.11.6 or later. \nhttp://www.delegate.org/delegate/download/\n\nThe vulnerability has also been fixed in development version 9.0.6. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor based on DNS Test Tool created by Oulu University\nSecure Programming Group. \n\nORIGINAL ADVISORY:\nNISCC:\nhttp://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2072"
},
{
"db": "CERT/CC",
"id": "VU#955777"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000242"
},
{
"db": "CNVD",
"id": "CNVD-2006-2722"
},
{
"db": "BID",
"id": "17691"
},
{
"db": "BID",
"id": "17692"
},
{
"db": "PACKETSTORM",
"id": "45737"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "17691",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#955777",
"trust": 3.2
},
{
"db": "NVD",
"id": "CVE-2006-2072",
"trust": 3.0
},
{
"db": "SECUNIA",
"id": "19750",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-1505",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-1506",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1015991",
"trust": 1.6
},
{
"db": "BID",
"id": "17692",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000242",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2006-2722",
"trust": 0.6
},
{
"db": "XF",
"id": "26081",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200604-533",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "45737",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#955777"
},
{
"db": "CNVD",
"id": "CNVD-2006-2722"
},
{
"db": "BID",
"id": "17691"
},
{
"db": "BID",
"id": "17692"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000242"
},
{
"db": "PACKETSTORM",
"id": "45737"
},
{
"db": "NVD",
"id": "CVE-2006-2072"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-533"
}
]
},
"id": "VAR-200604-0574",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2722"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2722"
}
]
},
"last_update_date": "2023-12-18T12:32:42.617000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3156",
"trust": 0.8,
"url": "http://www.delegate.org/mail-lists/delegate-en/3156"
},
{
"title": "DeleGate DNS Response Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/40810"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2722"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000242"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2072"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.9,
"url": "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en"
},
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/17691"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/955777"
},
{
"trust": 2.2,
"url": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en"
},
{
"trust": 1.6,
"url": "http://jvn.jp/niscc/niscc-144154/index.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/19750"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1015991"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/1505"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/1506"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/dns/index.html"
},
{
"trust": 0.8,
"url": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2072"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060425-00312.xml"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-2072"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/17692"
},
{
"trust": 0.8,
"url": "http://isc.sans.org/diary.php?storyid=1290"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/1506"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/1505"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/26081"
},
{
"trust": 0.3,
"url": "http://www.delegate.org"
},
{
"trust": 0.3,
"url": "http://www.delegate.org/delegate/updates/"
},
{
"trust": 0.3,
"url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
},
{
"trust": 0.3,
"url": "http://www.isc.org/products/bind/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1237/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.delegate.org/delegate/download/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19750/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#955777"
},
{
"db": "CNVD",
"id": "CNVD-2006-2722"
},
{
"db": "BID",
"id": "17691"
},
{
"db": "BID",
"id": "17692"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000242"
},
{
"db": "PACKETSTORM",
"id": "45737"
},
{
"db": "NVD",
"id": "CVE-2006-2072"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-533"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#955777"
},
{
"db": "CNVD",
"id": "CNVD-2006-2722"
},
{
"db": "BID",
"id": "17691"
},
{
"db": "BID",
"id": "17692"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000242"
},
{
"db": "PACKETSTORM",
"id": "45737"
},
{
"db": "NVD",
"id": "CVE-2006-2072"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-533"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-04-28T00:00:00",
"db": "CERT/CC",
"id": "VU#955777"
},
{
"date": "2006-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-2722"
},
{
"date": "2006-04-25T00:00:00",
"db": "BID",
"id": "17691"
},
{
"date": "2006-04-25T00:00:00",
"db": "BID",
"id": "17692"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000242"
},
{
"date": "2006-04-27T21:57:26",
"db": "PACKETSTORM",
"id": "45737"
},
{
"date": "2006-04-27T22:02:00",
"db": "NVD",
"id": "CVE-2006-2072"
},
{
"date": "2006-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-533"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-23T00:00:00",
"db": "CERT/CC",
"id": "VU#955777"
},
{
"date": "2006-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-2722"
},
{
"date": "2006-04-26T19:31:00",
"db": "BID",
"id": "17691"
},
{
"date": "2006-04-26T19:31:00",
"db": "BID",
"id": "17692"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000242"
},
{
"date": "2017-07-20T01:31:09.600000",
"db": "NVD",
"id": "CVE-2006-2072"
},
{
"date": "2006-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-533"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "17691"
},
{
"db": "BID",
"id": "17692"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DeleGate DNS Response Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2722"
},
{
"db": "BID",
"id": "17691"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-533"
}
],
"trust": 1.5
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "17691"
},
{
"db": "BID",
"id": "17692"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-533"
}
],
"trust": 1.2
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.