Sign-up

ID

VAR-200604-0552


CVE

CVE-2006-2078


TITLE

Multiple vulnerabilities in DNS implementations

Trust: 0.8

sources: CERT/CC: VU#955777

DESCRIPTION

Multiple unspecified vulnerabilities in multiple FITELnet products, including FITELnet-F40, F80, F100, F120, F1000, and E20/E30, allow remote attackers to cause a denial of service via crafted DNS messages that trigger errors in (1) ProxyDNS or (2) PKI-Resolver, as demonstrated by the OUSPG PROTOS DNS test suite. Numerous vulnerabilities have been reported in various Domain Name System (DNS) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause a DNS implementation to behave in an unstable/unpredictable manner. There are unexplained vulnerabilities in multiple FITELnet products, including FITELnet-F40, F80, F100, F120, F1000 and E20/E30. Consequences of these vulnerabilities are currently unknown, but remote code execution or denial-of-service attacks may be possible. This BID will be updated as further information is disclosed. TITLE: FITELnet Products DNS Handling Vulnerability SECUNIA ADVISORY ID: SA19820 VERIFY ADVISORY: http://secunia.com/advisories/19820/ CRITICAL: Moderately critical IMPACT: Unknown WHERE: >From remote OPERATING SYSTEM: FITELnet-E Series http://secunia.com/product/9600/ FITELnet-F Series http://secunia.com/product/9599/ MUCHO-EV/PK http://secunia.com/product/9601/ DESCRIPTION: A vulnerability with unknown impact has been reported in various FITELnet products. The vulnerability is caused due to unspecified errors in ProxyDNS and PKI-Resolver when handling certain malformed DNS packets. The vulnerability has been reported in the following products: FITELnet-F40 FITELnet-F80 FITELnet-F100 FITELnet-F120 FITELnet-F1000 FITELnet-E20/E30 MUCHO-EV/PK SOLUTION: The vendor is reportedly working on a fix. PROVIDED AND/OR DISCOVERED BY: Reported by vendor based on DNS Test Tool created by Oulu University Secure Programming Group. ORIGINAL ADVISORY: http://www.furukawa.co.jp/fitelnet/topic/dns2_attacks.html NISCC: http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2006-2078 // CERT/CC: VU#955777 // CNVD: CNVD-2006-2727 // BID: 17710 // PACKETSTORM: 45744

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-2727

AFFECTED PRODUCTS

vendor:furukawa electricmodel:fitelnetscope:eqversion:f120

Trust: 1.6

vendor:furukawa electricmodel:fitelnetscope:eqversion:f40

Trust: 1.6

vendor:furukawa electricmodel:fitelnetscope:eqversion:f3000

Trust: 1.6

vendor:furukawa electricmodel:fitelnetscope:eqversion:f100

Trust: 1.6

vendor:furukawa electricmodel:fitelnetscope:eqversion:f80

Trust: 1.6

vendor:furukawa electricmodel:fitelnetscope:eqversion:f1000

Trust: 1.6

vendor:furukawa electricmodel:fitelnetscope:eqversion:e20

Trust: 1.6

vendor:furukawa electricmodel:fitelnetscope:eqversion:e30

Trust: 1.6

vendor:furukawa electricmodel:mucho-ev pkscope:eqversion:*

Trust: 1.0

vendor:f5model: - scope: - version: -

Trust: 0.8

vendor:junipermodel: - scope: - version: -

Trust: 0.8

vendor:openwall gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:fitelnetmodel:furukawa electric e20scope: - version: -

Trust: 0.6

vendor:fitelnetmodel:furukawa electric e30scope: - version: -

Trust: 0.6

vendor:fitelnetmodel:furukawa electric f100scope: - version: -

Trust: 0.6

vendor:fitelnetmodel:furukawa electric f1000scope: - version: -

Trust: 0.6

vendor:fitelnetmodel:furukawa electric f120scope: - version: -

Trust: 0.6

vendor:fitelnetmodel:furukawa electric f3000scope: - version: -

Trust: 0.6

vendor:fitelnetmodel:furukawa electric f40scope: - version: -

Trust: 0.6

vendor:furukawa electricmodel:mucho-ev pkscope: - version: -

Trust: 0.6

vendor:furukawamodel:electric co. mucho-ev/pkscope:eqversion:0

Trust: 0.3

vendor:furukawamodel:electric co. fitelnet-f80scope:eqversion:0

Trust: 0.3

vendor:furukawamodel:electric co. fitelnet-f40scope:eqversion:0

Trust: 0.3

vendor:furukawamodel:electric co. fitelnet-f3000scope:eqversion:0

Trust: 0.3

vendor:furukawamodel:electric co. fitelnet-f120scope:eqversion:0

Trust: 0.3

vendor:furukawamodel:electric co. fitelnet-f1000scope:eqversion:0

Trust: 0.3

vendor:furukawamodel:electric co. fitelnet-f100scope:eqversion:0

Trust: 0.3

vendor:furukawamodel:electric co. fitelnet-e30scope:eqversion:0

Trust: 0.3

vendor:furukawamodel:electric co. fitelnet-e20scope:eqversion:0

Trust: 0.3

sources: CERT/CC: VU#955777 // CNVD: CNVD-2006-2727 // BID: 17710 // CNNVD: CNNVD-200604-524 // NVD: CVE-2006-2078

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-2078
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#955777
value: 19.13

Trust: 0.8

CNVD: CNVD-2006-2727
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200604-524
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2006-2078
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2006-2727
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CERT/CC: VU#955777 // CNVD: CNVD-2006-2727 // CNNVD: CNNVD-200604-524 // NVD: CVE-2006-2078

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2078

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200604-524

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200604-524

EXTERNAL IDS

db:BIDid:17710

Trust: 2.5

db:CERT/CCid:VU#955777

Trust: 2.4

db:NVDid:CVE-2006-2078

Trust: 2.2

db:SECUNIAid:19820

Trust: 1.7

db:VUPENid:ADV-2006-1536

Trust: 1.6

db:VUPENid:ADV-2006-1505

Trust: 1.6

db:CNVDid:CNVD-2006-2727

Trust: 0.6

db:XFid:26081

Trust: 0.6

db:CNNVDid:CNNVD-200604-524

Trust: 0.6

db:PACKETSTORMid:45744

Trust: 0.1

sources: CERT/CC: VU#955777 // CNVD: CNVD-2006-2727 // BID: 17710 // PACKETSTORM: 45744 // CNNVD: CNNVD-200604-524 // NVD: CVE-2006-2078

REFERENCES

url:http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en

Trust: 2.8

url:http://www.securityfocus.com/bid/17710

Trust: 2.2

url:http://www.furukawa.co.jp/fitelnet/topic/dns2_attacks.html

Trust: 2.0

url:http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en

Trust: 1.9

url:http://www.kb.cert.org/vuls/id/955777

Trust: 1.6

url:http://secunia.com/advisories/19820

Trust: 1.6

url:http://www.vupen.com/english/advisories/2006/1505

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/1536

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/26081

Trust: 1.0

url:http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/dns/index.html

Trust: 0.8

url:http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html

Trust: 0.8

url:http://jvn.jp/niscc/niscc-144154/index.html

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/1505

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/1536

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/26081

Trust: 0.6

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/9601/

Trust: 0.1

url:http://secunia.com/advisories/19820/

Trust: 0.1

url:http://secunia.com/product/9599/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/9600/

Trust: 0.1

sources: CERT/CC: VU#955777 // CNVD: CNVD-2006-2727 // BID: 17710 // PACKETSTORM: 45744 // CNNVD: CNNVD-200604-524 // NVD: CVE-2006-2078

CREDITS

These issues were discovered by the PROTOS DNS Test Suite, which was developed by the Oulu University Secure Programming Group (OUSPG).

Trust: 0.9

sources: BID: 17710 // CNNVD: CNNVD-200604-524

SOURCES

db:CERT/CCid:VU#955777
db:CNVDid:CNVD-2006-2727
db:BIDid:17710
db:PACKETSTORMid:45744
db:CNNVDid:CNNVD-200604-524
db:NVDid:CVE-2006-2078

LAST UPDATE DATE

2024-08-14T14:08:35.104000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#955777date:2006-05-23T00:00:00
db:CNVDid:CNVD-2006-2727date:2006-04-27T00:00:00
db:BIDid:17710date:2006-04-27T17:21:00
db:CNNVDid:CNNVD-200604-524date:2006-04-28T00:00:00
db:NVDid:CVE-2006-2078date:2017-07-20T01:31:09.943

SOURCES RELEASE DATE

db:CERT/CCid:VU#955777date:2006-04-28T00:00:00
db:CNVDid:CNVD-2006-2727date:2006-04-27T00:00:00
db:BIDid:17710date:2006-04-26T00:00:00
db:PACKETSTORMid:45744date:2006-04-27T21:57:26
db:CNNVDid:CNNVD-200604-524date:2006-04-27T00:00:00
db:NVDid:CVE-2006-2078date:2006-04-27T22:03:00