Summary
Multiple DNS vendors are reported susceptible to a denial of service vulnerability (Axis Communication, dnrd, Don Moore, Posadis).
This vulnerability results in vulnerable DNS servers entering into an infinite query and response message loop, leading to the consumption of network and CPU resources, and denying DNS service to legitimate users.
An attacker may exploit this flaw by finding two vulnerable servers and set up a 'ping-pong' attack between the two hosts.
Solution
http://www.uniras.gov.uk/vuls/2004/758884/index.htm
Severity
Classification
-
CVE CVE-2004-0789 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- AVG Anti-Virus UPX Processing Denial of Service Vulnerability
- ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)
- Apple Safari 'WebKit.dll' Stack Consumption Vulnerability
- Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
- FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)