Details of VAR-200604-0576

ID

VAR-200604-0576

CVE

CVE-2006-2074

TITLE

Multiple vulnerabilities in DNS implementations

Trust: 0.8

sources: CERT/CC: VU#955777

DESCRIPTION

Unspecified vulnerability in Juniper Networks JUNOSe E-series routers before 7-1-1 has unknown impact and remote attack vectors related to the DNS "client code," as demonstrated by the OUSPG PROTOS DNS test suite. Numerous vulnerabilities have been reported in various Domain Name System (DNS) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause a DNS implementation to behave in an unstable/unpredictable manner. Juniper JUNOSe is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the application to properly handle DNS datagrams. An attacker can exploit this issue to crash the affected DNS client service, effectively denying service to legitimate users. Juniper Networks JunosE is an operating system of Juniper Networks (Juniper Networks) running on E series IP edge and broadband service routers. The PROTOS DNS test component developed by OUSPG for DNS implementation found in the test that if a specially crafted message is sent, JUNOSe will have a denial of service when responding to DNS. The vulnerability is caused due to unspecified errors within the handling of DNS responses. SOLUTION: The vulnerability has been fixed in JUNOSe versions 5-3-5p0-2, 6-0-3p0-6, 6-0-4, 6-1-3p0-1, 7-0-1p0-7, 7-0-2, 7-1-0p0-1, and 7-1-1. PROVIDED AND/OR DISCOVERED BY: Reported by vendor based on DNS Test Tool created by Oulu University Secure Programming Group. ORIGINAL ADVISORY: NISCC: http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-2074 // CERT/CC: VU#955777 // BID: 17693 // VULHUB: VHN-18182 // PACKETSTORM: 45735

AFFECTED PRODUCTS

vendor:	juniper	model:	junose	scope:	eq	version:	*	Trust: 1.0
vendor:	f5	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	openwall gnu linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junose	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	junose	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	junose	scope:	ne	version:	7.1.1	Trust: 0.3
vendor:	juniper	model:	junose p0-1	scope:	ne	version:	7.1	Trust: 0.3
vendor:	juniper	model:	junose	scope:	ne	version:	7.0.2	Trust: 0.3
vendor:	juniper	model:	junose p0-7	scope:	ne	version:	7.0.1	Trust: 0.3
vendor:	juniper	model:	junose p0-1	scope:	ne	version:	6.1.3	Trust: 0.3
vendor:	juniper	model:	junose	scope:	ne	version:	6.0.4	Trust: 0.3
vendor:	juniper	model:	junose p0-6	scope:	ne	version:	6.0.3	Trust: 0.3
vendor:	juniper	model:	junose p0-2	scope:	ne	version:	5.3.5	Trust: 0.3

sources: CERT/CC: VU#955777 // BID: 17693 // CNNVD: CNNVD-200604-540 // NVD: CVE-2006-2074

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-2074
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#955777
value:	19.13
Trust: 0.8
CNNVD:	CNNVD-200604-540
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-18182
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-2074
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-18182
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#955777 // VULHUB: VHN-18182 // CNNVD: CNNVD-200604-540 // NVD: CVE-2006-2074

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2074

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200604-540

TYPE

Design Error

Trust: 0.9

sources: BID: 17693 // CNNVD: CNNVD-200604-540

EXTERNAL IDS

db:	CERT/CC	id:	VU#955777	Trust: 2.5
db:	BID	id:	17693	Trust: 2.0
db:	SECUNIA	id:	19822	Trust: 1.8
db:	SECTRACK	id:	1015992	Trust: 1.7
db:	NVD	id:	CVE-2006-2074	Trust: 1.7
db:	VUPEN	id:	ADV-2006-1505	Trust: 1.7
db:	VUPEN	id:	ADV-2006-1526	Trust: 1.7
db:	CNNVD	id:	CNNVD-200604-540	Trust: 0.7
db:	XF	id:	26081	Trust: 0.6
db:	VULHUB	id:	VHN-18182	Trust: 0.1
db:	PACKETSTORM	id:	45735	Trust: 0.1

sources: CERT/CC: VU#955777 // VULHUB: VHN-18182 // BID: 17693 // PACKETSTORM: 45735 // CNNVD: CNNVD-200604-540 // NVD: CVE-2006-2074

REFERENCES

url:	http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en	Trust: 2.9
url:	http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en	Trust: 2.0
url:	http://www.securityfocus.com/bid/17693	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/955777	Trust: 1.7
url:	http://securitytracker.com/id?1015992	Trust: 1.7
url:	http://secunia.com/advisories/19822	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/1505	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/1526	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/26081	Trust: 1.1
url:	http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/dns/index.html	Trust: 0.8
url:	http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html	Trust: 0.8
url:	http://jvn.jp/niscc/niscc-144154/index.html	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2006/1526	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/1505	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/26081	Trust: 0.6
url:	https://www.juniper.net/alerts/viewalert.jsp?txtalertnumber=psn-2004-06-009&actionbtn=search	Trust: 0.3
url:	http://www.juniper.net/	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/6108/	Trust: 0.1
url:	http://secunia.com/product/3417/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/6107/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/19822/	Trust: 0.1

sources: CERT/CC: VU#955777 // VULHUB: VHN-18182 // BID: 17693 // PACKETSTORM: 45735 // CNNVD: CNNVD-200604-540 // NVD: CVE-2006-2074

CREDITS

NISCC uniras@niscc.gov.uk

Trust: 0.6

sources: CNNVD: CNNVD-200604-540

SOURCES

db:	CERT/CC	id:	VU#955777
db:	VULHUB	id:	VHN-18182
db:	BID	id:	17693
db:	PACKETSTORM	id:	45735
db:	CNNVD	id:	CNNVD-200604-540
db:	NVD	id:	CVE-2006-2074

LAST UPDATE DATE

2024-08-14T14:08:34.997000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#955777	date:	2006-05-23T00:00:00
db:	VULHUB	id:	VHN-18182	date:	2017-07-20T00:00:00
db:	BID	id:	17693	date:	2006-04-26T19:31:00
db:	CNNVD	id:	CNNVD-200604-540	date:	2006-04-28T00:00:00
db:	NVD	id:	CVE-2006-2074	date:	2017-07-20T01:31:09.707

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#955777	date:	2006-04-28T00:00:00
db:	VULHUB	id:	VHN-18182	date:	2006-04-27T00:00:00
db:	BID	id:	17693	date:	2006-04-25T00:00:00
db:	PACKETSTORM	id:	45735	date:	2006-04-27T21:57:26
db:	CNNVD	id:	CNNVD-200604-540	date:	2006-04-27T00:00:00
db:	NVD	id:	CVE-2006-2074	date:	2006-04-27T22:02:00