Cisco Systems Inc. Information for VU#714121
Incorrect NXDOMAIN responses from AAAA queries could cause denial-of-service conditions
- Vendor Information Help Date Notified: 21 Mar 2003
- Statement Date:
- Date Updated: 23 May 2003
The Cisco Content Service Switch (CSS) 11000 and 11500 series switches respond
to certain Domain Name Service (DNS) name server record requests with an error
code and no Start of Authority (SOA) records, which can be negatively cached by
some DNS name servers resulting in a potential denial-of-service attack for a
particular domain name hosted by a CSS. To be affected by this vulnerability,
CSS devices must be configured for Global Server Load Balancing. The CERT/CC
issued a vulnerability note on this issue (VU#714121). Cisco is providing
repaired software, and customers are urged to upgrade to repaired code.
This vulnerability in CSS is documented as Cisco Bug IDs CSCdz62499 and
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.