| Release Date | Mar 17, 2010 |
| Severity | Medium |
| Impact | Can be used to cause a denial of service. |
| Description | This vulnerability results in vulnerable DNS servers entering into an infinite query and response message loop, leading to the consumption of network and CPU resources, and denying DNS service to legitimate users.
A remote attacker could send a spoofed DNS query that appears to come from the localhost on UDP port 53, which would cause the server to continuously respond to itself, resulting in a denial of service.
The vulnerability has been confirmed in multiple implementations of the DNS protocol, including Poslib 1.0.2-1 and earlier as used by Posadis, Axis Network products before firmware 3.13, and Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2. |
| Recommended Actions | Upgrade to the latest version. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0789
|
Reference: VID-18303
|