DNS.Response.Flooding.DoS

Release Date

Mar 17, 2010

Severity

medium

Impact

Can be used to cause a denial of service.

Description

This vulnerability causes affected DNS servers to enter an infinite query-and-response message loop, consuming network and CPU resources and denying DNS service to legitimate users.

A remote attacker could send a spoofed DNS query that appears to come from localhost on UDP port 53, causing the server to continuously respond to itself and resulting in a denial of service.

The vulnerability has been confirmed in multiple implementations of the DNS protocol, including Poslib 1.0.2-1 and earlier as used by Posadis, Axis Network products before firmware 3.13, and Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2.
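The following is an added example, not vendor or project code: a receive-side check a DNS server can apply before answering a datagram, with a small in-memory model of the self-reply loop described above. The function names, the `local_addrs` parameter and the sample messages are assumptions made for illustration; the QR-bit test comes from the standard DNS header layout (RFC 1035) rather than from this advisory.

```python
import ipaddress
import struct

DNS_PORT = 53
QR_RESPONSE = 0x8000  # top bit of the 16-bit flags field (RFC 1035, section 4.1.1)

def build_message(msg_id, is_response):
    """Constructed sample: DNS header plus one question for example.com A/IN."""
    flags = QR_RESPONSE if is_response else 0x0100  # 0x0100 = recursion desired
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    labels = (b"example", b"com")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def should_answer(payload, src_ip, src_port, local_addrs=()):
    """Return (answer?, reason) for one received UDP datagram."""
    if len(payload) < 12:
        return False, "truncated header"
    (flags,) = struct.unpack("!H", payload[2:4])
    if flags & QR_RESPONSE:
        return False, "QR=1: never reply to a response"
    addr = ipaddress.ip_address(src_ip)
    # A datagram claiming to come from our own DNS socket cannot be a real client.
    if src_port == DNS_PORT and (addr.is_loopback or src_ip in local_addrs):
        return False, "source is this server's own DNS socket"
    return True, "ok"

def simulate(filtered, max_hops=100):
    """In-memory model: replies a server sends to itself after one spoofed datagram."""
    payload, src = build_message(0x1234, False), ("127.0.0.1", DNS_PORT)
    hops = 0
    while hops < max_hops:
        if filtered and not should_answer(payload, *src)[0]:
            break
        # The reply is addressed to src, which is the server's own port 53.
        payload = build_message(0x1234, True)
        hops += 1
    return hops

if __name__ == "__main__":
    print("unfiltered replies:", simulate(False))
    print("filtered replies:  ", simulate(True))
```

Queries from loopback on an ephemeral source port, such as a local stub resolver, still pass the check; only the port-53-to-port-53 case is dropped.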

Affected Products

Recommended Actions

Upgrade to the latest version.

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2004-0789

Reference: VID-18303