ID

VAR-200604-0574


CVE

CVE-2006-2072


TITLE

DeleGate DNS Response Denial of Service Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2006-2722 // BID: 17691 // CNNVD: CNNVD-200604-533

DESCRIPTION

Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite. Numerous vulnerabilities have been reported in various Domain Name System (DNS) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause a DNS implementation to behave in an unstable/unpredictable manner. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ In multiple products DNS For protocol implementation, DNS There are deficiencies due to protocol specifications, and certain DNS There are problems that cause memory area corruption and buffer overflow when packets are processed. Depending on the product implementation, the impact will vary, but if exploited by a remote attacker, DNS A service that processes packets or an application may go out of service. The discoverer also suggests the possibility of arbitrary code execution.Please refer to the “Overview” for the impact of this vulnerability. There are several unexplained vulnerabilities in the 9.x series prior to DeleGate 9.0.6 and the 8.x series prior to 8.11.6. The vendor has addressed this issue in versions 8.11.6 and 9.0.6; earlier versions are vulnerable. ISC BIND is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the application to properly handle malformed TSIG (Secret Key Transaction Authentication for DNS) replies. To exploit this issue, attackers must be able to send messages with a correct TSIG during a zone transfer. This limits the potential for remote exploits significantly. An attacker can exploit this issue to crash the affected service, effectively denying service to legitimate users. TITLE: DeleGate DNS Query Handling Denial of Service SECUNIA ADVISORY ID: SA19750 VERIFY ADVISORY: http://secunia.com/advisories/19750/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote SOFTWARE: DeleGate 8.x http://secunia.com/product/1237/ DESCRIPTION: A vulnerability has been reported in DeleGate, which can be exploited by malicious people to cause a DoS (Denial of Service). This can lead to out-of-bounds memory accesses and infinite recursive function calls, which causes the process to stop responding to requests. The vulnerability has been reported in version 8.11.5 and prior (stable), and in version 9.0.5 and prior (development). SOLUTION: Update to version 8.11.6 or later. http://www.delegate.org/delegate/download/ The vulnerability has also been fixed in development version 9.0.6. PROVIDED AND/OR DISCOVERED BY: Reported by vendor based on DNS Test Tool created by Oulu University Secure Programming Group. ORIGINAL ADVISORY: NISCC: http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.51

sources: NVD: CVE-2006-2072 // CERT/CC: VU#955777 // JVNDB: JVNDB-2006-000242 // CNVD: CNVD-2006-2722 // BID: 17691 // BID: 17692 // PACKETSTORM: 45737

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-2722

AFFECTED PRODUCTS

vendor:delegatemodel:delegatescope:eqversion:7.7.1

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:7.7.0

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:7.8.0

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:7.8.1

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:7.8.2

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:7.9.11

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:8.10

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:9.0.5

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:9.0.4

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:9.0.3

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:9.0.2

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:9.0.1

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:9.0

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:8.9.6

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:8.9.5

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:8.9.4

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:8.5.0

Trust: 1.9

vendor:delegatemodel:delegatescope:eqversion:8.11.5

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.11.4

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.11.3

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.11.2

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.11.1

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.11

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.10.6

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.10.5

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.10.4

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.10.3

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.10.2

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.10.1

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.9.3

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.9.2

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.9.1

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.9

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.4.0

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.3.4

Trust: 1.3

vendor:delegatemodel:delegatescope:eqversion:8.3.3

Trust: 1.3

vendor:f5model: - scope: - version: -

Trust: 0.8

vendor:junipermodel: - scope: - version: -

Trust: 0.8

vendor:openwall gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:delegatemodel:delegatescope:lteversion:8.11.5

Trust: 0.8

vendor:delegatemodel:delegatescope:lteversion:9.0.5

Trust: 0.8

vendor:delegatemodel:delegatescope:neversion:9.0.6

Trust: 0.3

vendor:delegatemodel:delegatescope:neversion:8.11.6

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.3.2

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.3.1

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.3

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2.3

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2.2

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2.1

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.1.3

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.1.2

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.1.1

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.1

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.0.1

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.0

Trust: 0.3

sources: CERT/CC: VU#955777 // CNVD: CNVD-2006-2722 // BID: 17691 // BID: 17692 // JVNDB: JVNDB-2006-000242 // CNNVD: CNNVD-200604-533 // NVD: CVE-2006-2072

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-2072
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#955777
value: 19.13

Trust: 0.8

NVD: CVE-2006-2072
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2006-2722
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-200604-533
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2006-2072
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2006-2722
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CERT/CC: VU#955777 // CNVD: CNVD-2006-2722 // JVNDB: JVNDB-2006-000242 // CNNVD: CNNVD-200604-533 // NVD: CVE-2006-2072

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2072

THREAT TYPE

network

Trust: 0.6

sources: BID: 17691 // BID: 17692

TYPE

Design Error

Trust: 1.2

sources: BID: 17691 // BID: 17692 // CNNVD: CNNVD-200604-533

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-000242

PATCH

title:3156url:http://www.delegate.org/mail-lists/delegate-en/3156

Trust: 0.8

title:DeleGate DNS Response Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/40810

Trust: 0.6

sources: CNVD: CNVD-2006-2722 // JVNDB: JVNDB-2006-000242

EXTERNAL IDS

db:BIDid:17691

Trust: 3.3

db:CERT/CCid:VU#955777

Trust: 3.2

db:NVDid:CVE-2006-2072

Trust: 3.0

db:SECUNIAid:19750

Trust: 1.7

db:SECTRACKid:1015991

Trust: 1.6

db:VUPENid:ADV-2006-1506

Trust: 1.6

db:VUPENid:ADV-2006-1505

Trust: 1.6

db:BIDid:17692

Trust: 1.1

db:JVNDBid:JVNDB-2006-000242

Trust: 0.8

db:CNVDid:CNVD-2006-2722

Trust: 0.6

db:XFid:26081

Trust: 0.6

db:CNNVDid:CNNVD-200604-533

Trust: 0.6

db:PACKETSTORMid:45737

Trust: 0.1

sources: CERT/CC: VU#955777 // CNVD: CNVD-2006-2722 // BID: 17691 // BID: 17692 // JVNDB: JVNDB-2006-000242 // PACKETSTORM: 45737 // CNNVD: CNNVD-200604-533 // NVD: CVE-2006-2072

REFERENCES

url:http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en

Trust: 3.9

url:http://www.securityfocus.com/bid/17691

Trust: 3.0

url:http://www.kb.cert.org/vuls/id/955777

Trust: 2.4

url:http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en

Trust: 2.2

url:http://jvn.jp/niscc/niscc-144154/index.html

Trust: 1.6

url:http://securitytracker.com/id?1015991

Trust: 1.6

url:http://secunia.com/advisories/19750

Trust: 1.6

url:http://www.vupen.com/english/advisories/2006/1505

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/1506

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/26081

Trust: 1.0

url:http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/dns/index.html

Trust: 0.8

url:http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2072

Trust: 0.8

url:http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060425-00312.xml

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-2072

Trust: 0.8

url:http://www.securityfocus.com/bid/17692

Trust: 0.8

url:http://isc.sans.org/diary.php?storyid=1290

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/1506

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/1505

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/26081

Trust: 0.6

url:http://www.delegate.org

Trust: 0.3

url:http://www.delegate.org/delegate/updates/

Trust: 0.3

url:http://www.isc.org/index.pl?/sw/bind/bind-security.php

Trust: 0.3

url:http://www.isc.org/products/bind/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/1237/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://www.delegate.org/delegate/download/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/19750/

Trust: 0.1

sources: CERT/CC: VU#955777 // CNVD: CNVD-2006-2722 // BID: 17691 // BID: 17692 // JVNDB: JVNDB-2006-000242 // PACKETSTORM: 45737 // CNNVD: CNNVD-200604-533 // NVD: CVE-2006-2072

CREDITS

This issue was discovered by the PROTOS DNS Test Suite, which was developed by the Oulu University Secure Programming Group (OUSPG).

Trust: 1.2

sources: BID: 17691 // BID: 17692 // CNNVD: CNNVD-200604-533

SOURCES

db:CERT/CCid:VU#955777
db:CNVDid:CNVD-2006-2722
db:BIDid:17691
db:BIDid:17692
db:JVNDBid:JVNDB-2006-000242
db:PACKETSTORMid:45737
db:CNNVDid:CNNVD-200604-533
db:NVDid:CVE-2006-2072

LAST UPDATE DATE

2024-08-14T14:08:35.059000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#955777date:2006-05-23T00:00:00
db:CNVDid:CNVD-2006-2722date:2006-04-27T00:00:00
db:BIDid:17691date:2006-04-26T19:31:00
db:BIDid:17692date:2006-04-26T19:31:00
db:JVNDBid:JVNDB-2006-000242date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200604-533date:2006-04-28T00:00:00
db:NVDid:CVE-2006-2072date:2017-07-20T01:31:09.600

SOURCES RELEASE DATE

db:CERT/CCid:VU#955777date:2006-04-28T00:00:00
db:CNVDid:CNVD-2006-2722date:2006-04-27T00:00:00
db:BIDid:17691date:2006-04-25T00:00:00
db:BIDid:17692date:2006-04-25T00:00:00
db:JVNDBid:JVNDB-2006-000242date:2007-04-01T00:00:00
db:PACKETSTORMid:45737date:2006-04-27T21:57:26
db:CNNVDid:CNNVD-200604-533date:2006-04-27T00:00:00
db:NVDid:CVE-2006-2072date:2006-04-27T22:02:00