Vulnerability Note VU#955777
Multiple vulnerabilities in DNS implementations
Numerous vulnerabilities have been reported in various Domain Name System (DNS) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause a DNS implementation to behave in an unstable/unpredictable manner.
The Domain Name System provides name, address, and other information about Internet Protocol (IP) networks and devices.
1. The Query Material -> [queries, dynamic DNS updates] -> DNS server
2. The Response Material -> [query replies] -> DNS server
3. The Response Material -> [query replies] -> DNS stub resolver (client)
4. The Zone Transfer Material -> [zone transfers] -> secondary DNS server
The test material simulates hostile input to the DNS implementation by sending invalid and/or abnormal packets.
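The note does not say which fields the test packets malform. As an added example (not code from this note or from any listed vendor), the C function below shows the bounds checks a DNS name decoder needs to survive invalid or abnormal input, using the RFC 1035 name encoding. The function name, buffer sizes and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_NAME 255 /* RFC 1035: longest encoded name, in bytes */
/* Decode the name at msg[off] into dotted text. Returns the number of bytes
 * the name occupies at off, or -1 if the encoding is malformed. */
int dns_read_name(const uint8_t *msg, size_t len, size_t off,
                  char *out, size_t outsz)
{
    size_t pos = off, o = 0, wire = 1;   /* wire counts the final root byte */
    int consumed = -1, jumps = 0;
    if (outsz < 2) return -1;            /* need room for "." plus NUL */
    for (;;) {
        if (pos >= len) return -1;       /* ran off the end of the packet */
        uint8_t c = msg[pos];
        if ((c & 0xC0) == 0x40 || (c & 0xC0) == 0x80) return -1; /* reserved label types */
        if ((c & 0xC0) == 0xC0) {        /* compression pointer, two bytes */
            if (pos + 1 >= len) return -1;             /* second byte missing */
            size_t target = ((size_t)(c & 0x3F) << 8) | msg[pos + 1];
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            if (target >= pos || ++jumps > 64) return -1; /* self, forward, or long chain */
            pos = target;
        } else if (c == 0) {             /* root label ends the name */
            if (consumed < 0) consumed = (int)(pos + 1 - off);
            if (o == 0) out[o++] = '.';
            out[o] = '\0';
            return consumed;
        } else {                         /* ordinary label, 1..63 bytes */
            wire += (size_t)c + 1;
            if (pos + 1 + c > len || wire > DNS_MAX_NAME) return -1; /* overrun or oversize */
            if (o + c + 2 > outsz) return -1;          /* dot + label + NUL must fit */
            if (o) out[o++] = '.';
            memcpy(out + o, msg + pos + 1, c);
            o += c;
            pos += 1 + (size_t)c;
        }
    }
}

/* Constructed sample: "test" at offset 0, then "www" + pointer to offset 0. */
static const uint8_t sample[] = {4,'t','e','s','t',0, 3,'w','w','w',0xC0,0x00};

int main(void)
{
    char name[256];
    int n = dns_read_name(sample, sizeof sample, 6, name, sizeof name);
    printf("%d %s\n", n, n < 0 ? "(rejected)" : name);
    return 0;
}
```

Each early return corresponds to one class of malformed name: truncation, a label that overruns the packet, a reserved label type, a pointer that refers to itself or forward, a pointer loop, or an oversize name.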
These vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, gain access to sensitive information, or cause a DNS implementation to behave in an unstable/unpredictable manner.
Apply a patch from an affected product vendor
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| F5 Networks, Inc. | Affected | 26 Apr 2006 | 03 May 2006 |
| Juniper Networks, Inc. | Affected | 26 Apr 2006 | 27 Apr 2006 |
| Openwall GNU/*/Linux | Affected | 26 Apr 2006 | 10 May 2006 |
| Hewlett-Packard Company | Not Affected | 26 Apr 2006 | 10 May 2006 |
| Hitachi | Not Affected | 26 Apr 2006 | 01 May 2006 |
| Ricoh Corporation | Not Affected | - | 23 May 2006 |
| Apple Computer, Inc. | Unknown | 26 Apr 2006 | 26 Apr 2006 |
| Conectiva Inc. | Unknown | 26 Apr 2006 | 26 Apr 2006 |
| Cray Inc. | Unknown | 26 Apr 2006 | 26 Apr 2006 |
| Debian GNU/Linux | Unknown | 26 Apr 2006 | 26 Apr 2006 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 26 Apr 2006 | 26 Apr 2006 |
| Engarde Secure Linux | Unknown | 26 Apr 2006 | 26 Apr 2006 |
| Fedora Project | Unknown | 26 Apr 2006 | 26 Apr 2006 |
| FreeBSD, Inc. | Unknown | 26 Apr 2006 | 26 Apr 2006 |
| Fujitsu | Unknown | 26 Apr 2006 | 26 Apr 2006 |
These vulnerabilities were reported by NISCC and Oulu University Secure Programming Group (OUSPG).
This document was written by Jeff Gennari.
- CVE IDs: Unknown
- Date Public: 25 Apr 2006
- Date First Published: 28 Apr 2006
- Date Last Updated: 23 May 2006
- Severity Metric: 19.12
- Document Revision: 37