CVE-2006-2076

Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attackers to cause a denial of service (memory consumption) via a DNS query with an unsupported (1) QTYPE or (2) QCLASS, as demonstrated by the OUSPG PROTOS DNS test suite.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/19835
http://secunia.com/advisories/20055
http://securitytracker.com/id?1015989	Patch
http://www.gentoo.org/security/en/glsa/glsa-200605-10.xml
http://www.kb.cert.org/vuls/id/955777	US Government Resource
http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en	Vendor Advisory
http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en	Vendor Advisory
http://www.phys.uu.nl/~rombouts/pdnsd.html
http://www.securityfocus.com/bid/17694	Patch
http://www.vupen.com/english/advisories/2006/1505
http://www.vupen.com/english/advisories/2006/1528
https://exchange.xforce.ibmcloud.com/vulnerabilities/26081

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pdnsd:pdnsd:1.0.13:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.0.15:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.1:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.1.1:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.1.2:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.1.3:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.1.4:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.1.5:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.1.6:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.1.7a:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.1.8b1_par5:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.1.8b1_par6:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.1.8b1_par8:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.1.10_par:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.1.11_par:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.2.1_par:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.2.2_par:::::::*
	cpe:2.3:a:pdnsd:pdnsd:1.2.3_par:::::::*

History

No history.

Information

Published : 2006-04-27 22:03

Updated : 2024-02-28 10:42

NVD link : CVE-2006-2076

Mitre link : CVE-2006-2076

CVE.ORG link : CVE-2006-2076

JSON object : View

Products Affected

pdnsd

pdnsd

CWE

NVD-CWE-Other

{"id": "CVE-2006-2076", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-04-27T22:03:00.000", "references": [{"url": "http://secunia.com/advisories/19835", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20055", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015989", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-10.xml", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/955777", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.phys.uu.nl/~rombouts/pdnsd.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17694", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1505", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1528", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attackers to cause a denial of service (memory consumption) via a DNS query with an unsupported (1) QTYPE or (2) QCLASS, as demonstrated by the OUSPG PROTOS DNS test suite."}], "lastModified": "2017-07-20T01:31:09.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25CA7CEF-0542-449A-B3A8-B82848A6CD3B"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9DEBAFA-77D8-4FCC-9514-79318F951EC8"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99963775-9ADD-4135-BE83-EC3C2ECF7791"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E40E6EE-77F1-48A3-B86B-24676E076EA7"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F615F9A7-A638-4B62-9E95-F964F562B020"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D188D6A9-F740-4ECA-B9DC-FFBD62D56175"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C4D68F2-3C70-475E-B7C5-C992509945B1"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F95A9845-7B28-4159-940C-FB8A2C2F67B8"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC022BE8-0949-4401-85EB-5A889CDD9612"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.1.7a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1848A537-D8B7-4C56-980B-B19237603A21"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.1.8b1_par5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07127D33-E813-413C-A9B6-61018880A071"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.1.8b1_par6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A94AAB8-1FBA-4762-AA6E-55ECC8284A44"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.1.8b1_par8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E49C9040-4A00-4CD0-9357-0649295DEF18"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.1.10_par:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8C6254C-3583-44DB-AAF5-37CAE8E97B15"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.1.11_par:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB981DF6-B6E4-46E5-B81F-2A9AEE8780EF"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.2.1_par:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF7A894A-4CE6-415E-8601-F495D8DBEE0F"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.2.2_par:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E4019AD-FD86-41ED-AF5A-C170A64D6231"}, {"criteria": "cpe:2.3:a:pdnsd:pdnsd:1.2.3_par:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C73271DE-40DF-4D27-9A7F-4C81177B1707"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}