DeleGate DNS Response Message DoS

medium Nessus Plugin ID 21293

Synopsis

A rogue DNS server may crash the remote proxy.

Description

The remote host is running Delegate, a multi-application proxy.

The remote version of this software is vulnerable to a denial of service when processing invalid DNS responses. An attacker may exploit this flaw to disable this service remotely.

To exploit this flaw, an attacker would need to be able to inject malformed DNS responses to the queries sent by the remote application.

Solution

Upgrade to DeleGate 8.11.6 or newer.

Plugin Details

Severity: Medium

ID: 21293

File Name: delegate_dns.nasl

Version: 1.14

Type: remote

Family: Firewalls

Published: 4/26/2006

Updated: 7/10/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 4/25/2006

Reference Information

CVE: CVE-2006-2072

BID: 17691