[VIM] NISCC DNS/PROTOS vendor information
security curmudgeon
jericho at attrition.org
Wed Apr 26 08:11:20 EDT 2006
: For those of you scratching your heads about why there's no vendor
: information in this main advisory:
:
: http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en
:
: I can't answer that, but some semi-random clicking somehow got me to this:
:
: http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en
:
: I'll be working on CVEs for this shortly, but I'm considering doing
: another generic CVE for the suite, then implementation-specific CVEs for
: each individual product. Still feels a little wrong to do that, but
: with suite-based testing and its simultaneous flood/dearth of
: information, there seems little else to do :(
Teach me to blindly create entries! After two DNS related vulns I figured
something was up. That said, looks like Secunia is digging up some more
details about the PROTOS findings. Looking at their entries:
http://secunia.com/advisories/19808/
The vulnerability is caused due to an error within the handling of the
TSIG in the second or subsequent messages in a zone transfer. This can
be exploited to crash "named" via a malformed TSIG in the messages.
http://secunia.com/advisories/19831/
The vulnerability is caused due to an error in the recursor when parsing
certain DNS packets. This can be exploited to crash the recursor via a
malformed EDNS0 packet.
http://secunia.com/advisories/19835/
The vulnerability is caused due to a memory leak error within the
handling of the QTYPE and QCLASS DNS queries.
So it appears we have three vectors for the denial of service, but
obviously don't know if each method effects each product.
More information about the VIM
mailing list