[VIM] NISCC DNS/PROTOS vendor information

security curmudgeon jericho at attrition.org
Wed Apr 26 08:11:20 EDT 2006

: For those of you scratching your heads about why there's no vendor
: information in this main advisory:
:   http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en
: I can't answer that, but some semi-random clicking somehow got me to this:
:   http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en
: I'll be working on CVEs for this shortly, but I'm considering doing 
: another generic CVE for the suite, then implementation-specific CVEs for 
: each individual product.  Still feels a little wrong to do that, but 
: with suite-based testing and its simultaneous flood/dearth of 
: information, there seems little else to do :(

Teach me to blindly create entries! After two DNS related vulns I figured 
something was up. That said, looks like Secunia is digging up some more 
details about the PROTOS findings. Looking at their entries:


  The vulnerability is caused due to an error within the handling of the 
  TSIG in the second or subsequent messages in a zone transfer. This can 
  be exploited to crash "named" via a malformed TSIG in the messages.


  The vulnerability is caused due to an error in the recursor when parsing 
  certain DNS packets. This can be exploited to crash the recursor via a 
  malformed EDNS0 packet.


  The vulnerability is caused due to a memory leak error within the 
  handling of the QTYPE and QCLASS DNS queries.

So it appears we have three vectors for the denial of service, but 
obviously don't know if each method effects each product.

More information about the VIM mailing list