ID CVE-2006-2076
Summary Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attackers to cause a denial of service (memory consumption) via a DNS query with an unsupported (1) QTYPE or (2) QCLASS, as demonstrated by the OUSPG PROTOS DNS test suite.
References
Vulnerable Configurations
  • cpe:2.3:a:pdnsd:pdnsd:1.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.1.7a:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.1.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.1.8b1_par5:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.1.8b1_par5:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.1.8b1_par6:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.1.8b1_par6:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.1.8b1_par8:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.1.8b1_par8:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.1.10_par:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.1.10_par:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.1.11_par:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.1.11_par:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.2.1_par:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.2.1_par:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.2.2_par:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.2.2_par:*:*:*:*:*:*:*
  • cpe:2.3:a:pdnsd:pdnsd:1.2.3_par:*:*:*:*:*:*:*
    cpe:2.3:a:pdnsd:pdnsd:1.2.3_par:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 17694
cert-vn VU#955777
confirm http://www.phys.uu.nl/~rombouts/pdnsd.html
gentoo GLSA-200605-10
misc
sectrack 1015989
secunia
  • 19835
  • 20055
vupen
  • ADV-2006-1505
  • ADV-2006-1528
xf dns-improper-request-handling(26081)
Last major update 20-07-2017 - 01:31
Published 27-04-2006 - 22:03
Last modified 20-07-2017 - 01:31
Back to Top