Vulnerability Name:

CVE-2006-2078 (CCN-26081)

Assigned:2006-04-25
Published:2006-04-25
Updated:2017-07-20
Summary:Multiple unspecified vulnerabilities in multiple FITELnet products, including FITELnet-F40, F80, F100, F120, F1000, and E20/E30, allow remote attackers to cause a denial of service via crafted DNS messages that trigger errors in (1) ProxyDNS or (2) PKI-Resolver, as demonstrated by the OUSPG PROTOS DNS test suite.
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-2072

Source: MITRE
Type: CNA
CVE-2006-2073

Source: MITRE
Type: CNA
CVE-2006-2074

Source: MITRE
Type: CNA
CVE-2006-2075

Source: MITRE
Type: CNA
CVE-2006-2076

Source: MITRE
Type: CNA
CVE-2006-2077

Source: MITRE
Type: CNA
CVE-2006-2078

Source: MITRE
Type: CNA
CVE-2006-2240

Source: CCN
Type: SA19750
DeleGate DNS Query Handling Denial of Service

Source: CCN
Type: SA19808
BIND Zone Transfer TSIG Handling Denial of Service

Source: CCN
Type: SA19820
FITELnet Products DNS Handling Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
19820

Source: CCN
Type: SA19822
Juniper Networks JUNOSe DNS Response Handling Vulnerability

Source: CCN
Type: SA19835
pdnsd DNS Query Handling Memory Leak Vulnerability

Source: CCN
Type: SA19894
Fujitsu NetShelter/FW DNS Handling Denial of Service

Source: CCN
Type: SECTRACK ID: 1015989
pdnsd Bug in Processing ADNS Queries Lets Remote Users Deny Service

Source: CCN
Type: SECTRACK ID: 1015990
MyDNS Can Be Crashed By Remote Users Sending a `Query-of-Death` Request

Source: CCN
Type: SECTRACK ID: 1015991
DeleGate Can Be Crashed By Remote Systems Returning Specially Crafted DNS Responses

Source: CCN
Type: SECTRACK ID: 1015992
JUNOSe DNS Response Bug Lets Remote Users Deny Service

Source: CCN
Type: SECTRACK ID: 1015993
BIND Can Be Crashed By Remote Users Sending a Broken TSIG

Source: CCN
Type: DeleGate Web site
DeleGate Home Page (www.delegate.org)

Source: CONFIRM
Type: UNKNOWN
http://www.furukawa.co.jp/fitelnet/topic/dns2_attacks.html

Source: CCN
Type: GLSA-200605-10
pdnsd: Denial of Service and potential arbitrary code execution

Source: CCN
Type: Internet Software Consortium, Inc. Web site
ISC BIND

Source: CCN
Type: US-CERT VU#955777
Multiple vulnerabilities in DNS implementations

Source: CERT-VN
Type: US Government Resource
VU#955777

Source: CCN
Type: NISCC Vulnerability Advisory 144154/NISCC/DNS
Vulnerability Issues in Implementations of the DNS Protocol

Source: MISC
Type: Patch
http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en

Source: MISC
Type: Patch, Vendor Advisory
http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en

Source: CCN
Type: OSVDB ID: 24971
Fujitsu NetShelter/FW Web Cache/Proxy Unspecified DNS Packet Handling Remote DoS

Source: CCN
Type: OSVDB ID: 25292
pdnsd Unspecified Overflow

Source: CCN
Type: OSVDB ID: 57052
pdnsd Crafted DNS Query Handling Remote DoS

Source: CCN
Type: OSVDB ID: 57053
DeleGate Crafted DNS Response Handling Remote DoS

Source: CCN
Type: OSVDB ID: 57057
FITELnet Multiple Products ProxyDNS / PKI-Resolver DNS Message Handling Remote DoS

Source: CCN
Type: OSVDB ID: 57058
MyDNS Crafted DNS Message Remote DoS

Source: CCN
Type: OSVDB ID: 57059
Juniper Networks JUNOSe E-series Routers DNS Client Code Unspecified Remote DoS

Source: CCN
Type: OSVDB ID: 57060
ISC BIND DNS Message Malformed TSIG Remote DoS

Source: CCN
Type: pdnsd Web page
pdnsd maintenance page by Paul Rombouts

Source: CCN
Type: BID-16431
MyDNS DNS Query Denial Of Service Vulnerability

Source: CCN
Type: BID-17691
DeleGate DNS Response Denial Of Service Vulnerability

Source: CCN
Type: BID-17692
ISC BIND TSIG Zone Transfer Denial Of Service Vulnerability

Source: CCN
Type: BID-17693
Juniper JUNOSe DNS Client Denial Of Service Vulnerability

Source: CCN
Type: BID-17694
Paul A. Rombouts PDNSD DNS Query Denial Of Service Vulnerability

Source: BID
Type: Patch
17710

Source: CCN
Type: BID-17710
Multiple FITELnet Products Unspecified DNS Handling Vulnerabilities

Source: CCN
Type: BID-17720
Paul A. Rombouts PDNSD Unspecified Buffer Overflow Vulnerability

Source: CCN
Type: BID-17791
Fujitsu NetShelter Unspecified DNS Denial Of Service Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-1505

Source: VUPEN
Type: UNKNOWN
ADV-2006-1536

Source: XF
Type: UNKNOWN
dns-improper-request-handling(26081)

Source: XF
Type: UNKNOWN
dns-improper-request-handling(26081)

Vulnerable Configuration:Configuration 1:
  • cpe:/h:furukawa_electric:fitelnet:e20:*:*:*:*:*:*:*
  • OR cpe:/h:furukawa_electric:fitelnet:e30:*:*:*:*:*:*:*
  • OR cpe:/h:furukawa_electric:fitelnet:f40:*:*:*:*:*:*:*
  • OR cpe:/h:furukawa_electric:fitelnet:f80:*:*:*:*:*:*:*
  • OR cpe:/h:furukawa_electric:fitelnet:f100:*:*:*:*:*:*:*
  • OR cpe:/h:furukawa_electric:fitelnet:f120:*:*:*:*:*:*:*
  • OR cpe:/h:furukawa_electric:fitelnet:f1000:*:*:*:*:*:*:*
  • OR cpe:/h:furukawa_electric:fitelnet:f3000:*:*:*:*:*:*:*
  • OR cpe:/h:furukawa_electric:mucho-ev_pk:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:isc:bind:8.2:-:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:8.2:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.5:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.5:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.6:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.7:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.1.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.1.2:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.3.3:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.3.2:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.3.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.3.0:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.6:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.5:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.3:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p7:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p5:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p3:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.2:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.7:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.3.0:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.4.4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.4.5:*:*:*:-:*:*:*
  • OR cpe:/o:juniper:junos_e:-:*:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:9.3.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.3.2:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.3.3:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.3.4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.0:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.2:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.3:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.5:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.6:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.7:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.8:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.3:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.8:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.9:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.10:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p6:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p4:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p2:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.3.4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.3:t1a:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.3:t9b:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.3.5:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.3.6:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.4.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.4.7:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.3:*:*:*:-:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    furukawa_electric fitelnet e20
    furukawa_electric fitelnet e30
    furukawa_electric fitelnet f40
    furukawa_electric fitelnet f80
    furukawa_electric fitelnet f100
    furukawa_electric fitelnet f120
    furukawa_electric fitelnet f1000
    furukawa_electric fitelnet f3000
    furukawa_electric mucho-ev pk *
    isc bind 8.2
    isc bind 8.2 p1
    isc bind 8.2.1
    isc bind 4.9.5
    isc bind 4.9.5 p1
    isc bind 4.9.6
    isc bind 4.9.7
    isc bind 8.1
    isc bind 8.1.1
    isc bind 8.1.2
    isc bind 8.2.2
    isc bind 8.2.2 p1
    isc bind 8.3.3
    isc bind 8.3.2
    isc bind 8.3.1
    isc bind 8.3.0
    isc bind 8.2.6
    isc bind 8.2.5
    isc bind 8.2.4
    isc bind 8.2.3
    isc bind 8.2.2 p7
    isc bind 8.2.2 p5
    isc bind 8.2.2 p3
    isc bind 4.9.2
    isc bind 8.2.7
    isc bind 9.3.0
    isc bind 8.4.4
    isc bind 8.4.5
    juniper junos e -
    isc bind 9.3.1
    isc bind 9.3.2
    isc bind 9.3.3
    isc bind 9.3.4
    isc bind 9.2.0
    isc bind 9.2.1
    isc bind 9.2.2
    isc bind 9.2.3
    isc bind 9.2.4
    isc bind 9.2.5
    isc bind 9.2.6
    isc bind 9.2.7
    isc bind 9.2.8
    isc bind 4.9.3
    isc bind 4.9.4
    isc bind 4.9.8
    isc bind 4.9.9
    isc bind 4.9.10
    isc bind 8.2.2 p6
    isc bind 8.2.2 p4
    isc bind 8.2.2 p2
    isc bind 4.9
    isc bind 8.3.4
    isc bind 4
    isc bind 8
    isc bind 8.2.3 t1a
    isc bind 8.2.3 t9b
    isc bind 8.3.5
    isc bind 8.3.6
    isc bind 8.4
    isc bind 8.4.1
    isc bind 8.4.7
    isc bind 9.3
    gentoo linux *