var-200512-0639
Vulnerability from variot
The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. Incorrect decoding of malformed DNS packets causes certain DNS implementations to hang or crash. Multiple DNS vendors are susceptible to a remote denial-of-service vulnerability. This issue affects both DNS servers and clients. This issue arises when an affected application handles a specially crafted DNS message. A successful attack would crash the affected client or server.
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: Cisco Various Products Compressed DNS Messages Denial of Service
SECUNIA ADVISORY ID: SA15472
VERIFY ADVISORY: http://secunia.com/advisories/15472/
CRITICAL: Less critical
IMPACT: DoS
WHERE:
From remote
OPERATING SYSTEM: Cisco ATA 180 Series Analog Telephone Adaptors http://secunia.com/product/2810/
SOFTWARE: Cisco IP Phone 7900 Series http://secunia.com/product/2809/ Cisco ACNS Software Version 5.x http://secunia.com/product/2268/ Cisco ACNS Software Version 4.x http://secunia.com/product/2269/ Cisco Unity Express 2.x http://secunia.com/product/5151/
DESCRIPTION: A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the DNS implementation during the decompression of compressed DNS messages and can be exploited via a specially crafted DNS packet containing invalid information in the compressed section.
Successful exploitation crashes a vulnerable device or causes it to function abnormally.
The vulnerability affects the following products: * Cisco IP Phones 7902/7905/7912 * Cisco ATA (Analog Telephone Adaptor) 186/188 * Cisco Unity Express
The following Cisco ACNS (Application and Content Networking System) devices are also affected: * Cisco 500 Series Content Engines * Cisco 7300 Series Content Engines * Cisco Content Routers 4400 series * Cisco Content Distribution Manager 4600 series * Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and 3800 series Integrated Service Routers.
SOLUTION: See patch matrix in vendor advisory for information about fixes. http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software
PROVIDED AND/OR DISCOVERED BY: NISCC credits Dr. Steve Beaty.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml
NISCC: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200512-0639", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powerdns", "scope": "eq", "trust": 1.9, "vendor": "powerdns", "version": "2.9.15" }, { "model": "powerdns", "scope": "eq", "trust": 1.6, "vendor": "powerdns", "version": "2.9.4" }, { "model": "powerdns", "scope": "eq", "trust": 1.6, "vendor": "powerdns", "version": "2.9.5" }, { "model": "powerdns", "scope": "eq", "trust": 1.6, "vendor": "powerdns", "version": "2.9.6" }, { "model": "powerdns", "scope": "eq", "trust": 1.6, "vendor": "powerdns", "version": "2.9.14" }, { "model": "powerdns", "scope": "eq", "trust": 1.6, "vendor": "powerdns", "version": "2.9.8" }, { "model": "powerdns", "scope": "eq", "trust": 1.6, "vendor": "powerdns", "version": "2.9.3a" }, { "model": "powerdns", "scope": "eq", "trust": 1.6, "vendor": "powerdns", "version": "2.9.7" }, { "model": "powerdns", "scope": "eq", "trust": 1.6, "vendor": "powerdns", "version": "2.9.2" }, { "model": "powerdns", "scope": "eq", "trust": 1.3, "vendor": "powerdns", "version": "2.8" }, { "model": "powerdns", "scope": "eq", "trust": 1.0, "vendor": "powerdns", "version": "2.9.12" }, { "model": "powerdns", "scope": "eq", "trust": 1.0, "vendor": "powerdns", "version": "2.9.13" }, { "model": "powerdns", "scope": "lte", "trust": 1.0, "vendor": "powerdns", "version": "2.9.16" }, { "model": "powerdns", "scope": "eq", "trust": 1.0, "vendor": "powerdns", "version": "2.9.10" }, { "model": "powerdns", "scope": "eq", "trust": 1.0, "vendor": "powerdns", "version": "2.9.0" }, { "model": "powerdns", "scope": "eq", "trust": 1.0, "vendor": "powerdns", "version": "2.0_rc1" }, { "model": "powerdns", "scope": "eq", "trust": 1.0, "vendor": "powerdns", "version": "2.9.11" }, { "model": "powerdns", "scope": "eq", "trust": 1.0, "vendor": "powerdns", "version": "2.9.1" }, { "model": "powerdns", "scope": "eq", "trust": 0.9, "vendor": "powerdns", "version": "2.9.16" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ethereal", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "tcpdump", "version": null }, { "model": "application \u0026 content networking software", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "powerdns", "version": "2.0" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "2.10" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "2.9" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "2.8" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "2.7" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "2.6" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "2.5" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "2.4" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "2.3" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "2.2" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "2.1" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "2.0" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "1.4" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "1.3" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "1.2" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "1.1" }, { "model": "dnrd", "scope": "eq", "trust": 0.3, "vendor": "dnrd", "version": "1.0" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.10.2" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.10.1" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.10" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.9.6" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.9.5" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.9.4" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.9.3" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.9.2" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.9.1" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.9" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.5.0" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.4.0" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.3.4" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "8.3.3" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "7.9.11" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "7.8.2" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "7.8.1" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "7.8.0" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "7.7.1" }, { "model": "delegate", "scope": "eq", "trust": 0.3, "vendor": "delegate", "version": "7.7.0" }, { "model": "unity express", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "subscriber edge services manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3.3(1)" }, { "model": "subscriber edge services manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3.2(2)" }, { "model": "subscriber edge services manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3.2(1)" }, { "model": "ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79120" }, { "model": "ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7905" }, { "model": "ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7902" }, { "model": "content router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4450" }, { "model": "content router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44304.1" }, { "model": "content router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44304.0" }, { "model": "content router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4430" }, { "model": "content engine module for cisco router series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3800" }, { "model": "content engine module for cisco router series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3700" }, { "model": "content engine module for cisco router series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3600" }, { "model": "content engine module for cisco router series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2800" }, { "model": "content engine module for cisco router series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2600" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7325" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "73204.1" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "73204.0" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "73203.1" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "73202.2.0" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7320" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5904.1" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5904.0" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5903.1" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5902.2.0" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "590" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "565" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5604.1" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5604.0" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5603.1" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5602.2.0" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "560" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "510" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5074.1" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5074.0" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5073.1" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5072.2.0" }, { "model": "content engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "507" }, { "model": "content distribution manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4670" }, { "model": "content distribution manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "46504.1" }, { "model": "content distribution manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "46504.0" }, { "model": "content distribution manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4650" }, { "model": "content distribution manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "46304.1" }, { "model": "content distribution manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "46304.0" }, { "model": "content distribution manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4630" }, { "model": "ata-188", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ata-186", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.3.9" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.1.7" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.1.13.7" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.1.11.6" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.1" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0.17.6" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0.5" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0.3" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0.1" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.2.11" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.2.9" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.2.7" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1.3" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1.1" }, { "model": "application \u0026 content networking software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.0.3" }, { "model": "powerdns", "scope": "ne", "trust": 0.3, "vendor": "powerdns", "version": "2.9.17" }, { "model": "dnrd", "scope": "ne", "trust": 0.3, "vendor": "dnrd", "version": "2.18" }, { "model": "delegate", "scope": "ne", "trust": 0.3, "vendor": "delegate", "version": "8.11.1" }, { "model": "delegate", "scope": "ne", "trust": 0.3, "vendor": "delegate", "version": "8.11" }, { "model": "delegate", "scope": "ne", "trust": 0.3, "vendor": "delegate", "version": "8.10.6" }, { "model": "delegate", "scope": "ne", "trust": 0.3, "vendor": "delegate", "version": "8.10.5" }, { "model": "delegate", "scope": "ne", "trust": 0.3, "vendor": "delegate", "version": "8.10.4" }, { "model": "delegate", "scope": "ne", "trust": 0.3, "vendor": "delegate", "version": "8.10.3" }, { "model": "subscriber edge services manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.3(2)" }, { "model": "application \u0026 content networking software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.3.3" }, { "model": "application \u0026 content networking software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.2.7" }, { "model": "application \u0026 content networking software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.1.15" } ], "sources": [ { "db": "CERT/CC", "id": "VU#23495" }, { "db": "BID", "id": "13729" }, { "db": "CNNVD", "id": "CNNVD-200512-776" }, { "db": "NVD", "id": "CVE-2005-0038" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Discovered by Dr. Steve Beaty from the Department of Mathematical and Computer Sciences at the Metropolitan State College of Denver.", "sources": [ { "db": "BID", "id": "13729" }, { "db": "CNNVD", "id": "CNNVD-200512-776" } ], "trust": 0.9 }, "cve": "CVE-2005-0038", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2005-0038", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-0038", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#23495", "trust": 0.8, "value": "41.92" }, { "author": "CNNVD", "id": "CNNVD-200512-776", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#23495" }, { "db": "CNNVD", "id": "CNNVD-200512-776" }, { "db": "NVD", "id": "CVE-2005-0038" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. Incorrect decoding of malformed DNS packets causes certain DNS implementations to hang or crash. Multiple DNS vendors are susceptible to a remote denial-of-service vulnerability. This issue affects both DNS servers and clients. \nThis issue arises when an affected application handles a specially crafted DNS message. \nA successful attack would crash the affected client or server. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Various Products Compressed DNS Messages Denial of Service\n\nSECUNIA ADVISORY ID:\nSA15472\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15472/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nCisco ATA 180 Series Analog Telephone Adaptors\nhttp://secunia.com/product/2810/\n\nSOFTWARE:\nCisco IP Phone 7900 Series\nhttp://secunia.com/product/2809/\nCisco ACNS Software Version 5.x\nhttp://secunia.com/product/2268/\nCisco ACNS Software Version 4.x\nhttp://secunia.com/product/2269/\nCisco Unity Express 2.x\nhttp://secunia.com/product/5151/\n\nDESCRIPTION:\nA vulnerability has been reported in various Cisco products, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nThe vulnerability is caused due to an error in the DNS implementation\nduring the decompression of compressed DNS messages and can be\nexploited via a specially crafted DNS packet containing invalid\ninformation in the compressed section. \n\nSuccessful exploitation crashes a vulnerable device or causes it to\nfunction abnormally. \n\nThe vulnerability affects the following products:\n* Cisco IP Phones 7902/7905/7912\n* Cisco ATA (Analog Telephone Adaptor) 186/188\n* Cisco Unity Express\n\nThe following Cisco ACNS (Application and Content Networking System)\ndevices are also affected:\n* Cisco 500 Series Content Engines\n* Cisco 7300 Series Content Engines\n* Cisco Content Routers 4400 series\n* Cisco Content Distribution Manager 4600 series\n* Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and\n3800 series Integrated Service Routers. \n\nSOLUTION:\nSee patch matrix in vendor advisory for information about fixes. \nhttp://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software\n\nPROVIDED AND/OR DISCOVERED BY:\nNISCC credits Dr. Steve Beaty. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml\n\nNISCC:\nhttp://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2005-0038" }, { "db": "CERT/CC", "id": "VU#23495" }, { "db": "BID", "id": "13729" }, { "db": "PACKETSTORM", "id": "37713" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "13729", "trust": 2.7 }, { "db": "NVD", "id": "CVE-2005-0038", "trust": 1.9 }, { "db": "OSVDB", "id": "25291", "trust": 1.6 }, { "db": "SECUNIA", "id": "15472", "trust": 0.9 }, { "db": "SECTRACK", "id": "1014043", "trust": 0.8 }, { "db": "SECTRACK", "id": "1014044", "trust": 0.8 }, { "db": "SECTRACK", "id": "1014045", "trust": 0.8 }, { "db": "SECTRACK", "id": "1014046", "trust": 0.8 }, { "db": "BID", "id": "1165", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#23495", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200512-776", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "37713", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#23495" }, { "db": "BID", "id": "13729" }, { "db": "PACKETSTORM", "id": "37713" }, { "db": "CNNVD", "id": "CNNVD-200512-776" }, { "db": "NVD", "id": "CVE-2005-0038" } ] }, "id": "VAR-200512-0639", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.3638431 }, "last_update_date": "2024-11-23T22:04:38.637000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2005-0038" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/13729" }, { "trust": 1.6, "url": "http://www.osvdb.org/25291" }, { "trust": 1.6, "url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en" }, { "trust": 1.2, "url": "http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15472/" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/1165" }, { "trust": 0.8, "url": "http://www.ciac.org/ciac/bulletins/l-015.shtml" }, { "trust": 0.8, "url": "http://www.securitytracker.com/id?1014046" }, { "trust": 0.8, "url": "http://www.securitytracker.com/id?1014045" }, { "trust": 0.8, "url": "http://www.securitytracker.com/id?1014044" }, { "trust": 0.8, "url": "http://www.securitytracker.com/id?1014043" }, { "trust": 0.8, "url": "http://www.ethereal.com" }, { "trust": 0.8, "url": "http://www.tcpdump.org" }, { "trust": 0.1, "url": "http://secunia.com/product/2810/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/5151/" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software" }, { "trust": 0.1, "url": "http://secunia.com/secunia_vacancies/" }, { "trust": 0.1, "url": "http://secunia.com/product/2268/" }, { "trust": 0.1, "url": "http://secunia.com/product/2269/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/product/2809/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#23495" }, { "db": "BID", "id": "13729" }, { "db": "PACKETSTORM", "id": "37713" }, { "db": "CNNVD", "id": "CNNVD-200512-776" }, { "db": "NVD", "id": "CVE-2005-0038" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#23495" }, { "db": "BID", "id": "13729" }, { "db": "PACKETSTORM", "id": "37713" }, { "db": "CNNVD", "id": "CNNVD-200512-776" }, { "db": "NVD", "id": "CVE-2005-0038" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-06-18T00:00:00", "db": "CERT/CC", "id": "VU#23495" }, { "date": "2005-05-24T00:00:00", "db": "BID", "id": "13729" }, { "date": "2005-05-29T20:22:44", "db": "PACKETSTORM", "id": "37713" }, { "date": "2005-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-200512-776" }, { "date": "2005-12-31T05:00:00", "db": "NVD", "id": "CVE-2005-0038" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-11-15T00:00:00", "db": "CERT/CC", "id": "VU#23495" }, { "date": "2016-07-06T14:40:00", "db": "BID", "id": "13729" }, { "date": "2010-06-23T00:00:00", "db": "CNNVD", "id": "CNNVD-200512-776" }, { "date": "2024-11-20T23:54:16.503000", "db": "NVD", "id": "CVE-2005-0038" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200512-776" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "DNS implementations vulnerable to denial-of-service attacks via malformed DNS queries", "sources": [ { "db": "CERT/CC", "id": "VU#23495" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "13729" }, { "db": "CNNVD", "id": "CNNVD-200512-776" } ], "trust": 0.9 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.