Vulnerability Name:

CVE-2006-2240 (CCN-26081)

Assigned:2006-04-25
Published:2006-04-25
Updated:2017-07-20
Summary:Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite.
All Fujitsu NetShelter/FW models E12Lxx and E11Lxx are affected except E11L27 and E12L31. The listing of affected models is broad, but the following list is a list of exceptions:

NetShelter/FW E11L27
NetShelter/FW E12L31
NetShelter/FW-P E10L29
NetShelter/FW-P E11L41
NetShelter/FW-L E10L31
NetShelter/FW-M E10L31
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-2072

Source: MITRE
Type: CNA
CVE-2006-2073

Source: MITRE
Type: CNA
CVE-2006-2074

Source: MITRE
Type: CNA
CVE-2006-2075

Source: MITRE
Type: CNA
CVE-2006-2076

Source: MITRE
Type: CNA
CVE-2006-2077

Source: MITRE
Type: CNA
CVE-2006-2078

Source: MITRE
Type: CNA
CVE-2006-2240

Source: CCN
Type: SA19750
DeleGate DNS Query Handling Denial of Service

Source: CCN
Type: SA19808
BIND Zone Transfer TSIG Handling Denial of Service

Source: CCN
Type: SA19820
FITELnet Products DNS Handling Vulnerability

Source: CCN
Type: SA19822
Juniper Networks JUNOSe DNS Response Handling Vulnerability

Source: CCN
Type: SA19835
pdnsd DNS Query Handling Memory Leak Vulnerability

Source: CCN
Type: SA19894
Fujitsu NetShelter/FW DNS Handling Denial of Service

Source: SECUNIA
Type: Vendor Advisory
19894

Source: CCN
Type: SECTRACK ID: 1015989
pdnsd Bug in Processing ADNS Queries Lets Remote Users Deny Service

Source: CCN
Type: SECTRACK ID: 1015990
MyDNS Can Be Crashed By Remote Users Sending a `Query-of-Death` Request

Source: CCN
Type: SECTRACK ID: 1015991
DeleGate Can Be Crashed By Remote Systems Returning Specially Crafted DNS Responses

Source: CCN
Type: SECTRACK ID: 1015992
JUNOSe DNS Response Bug Lets Remote Users Deny Service

Source: CCN
Type: SECTRACK ID: 1015993
BIND Can Be Crashed By Remote Users Sending a Broken TSIG

Source: CCN
Type: DeleGate Web site
DeleGate Home Page (www.delegate.org)

Source: CCN
Type: GLSA-200605-10
pdnsd: Denial of Service and potential arbitrary code execution

Source: CCN
Type: Internet Software Consortium, Inc. Web site
ISC BIND

Source: CCN
Type: US-CERT VU#955777
Multiple vulnerabilities in DNS implementations

Source: CERT-VN
Type: US Government Resource
VU#955777

Source: CCN
Type: NISCC Vulnerability Advisory 144154/NISCC/DNS
Vulnerability Issues in Implementations of the DNS Protocol

Source: MISC
Type: UNKNOWN
http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en

Source: MISC
Type: UNKNOWN
http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en

Source: CCN
Type: OSVDB ID: 24971
Fujitsu NetShelter/FW Web Cache/Proxy Unspecified DNS Packet Handling Remote DoS

Source: CCN
Type: OSVDB ID: 25292
pdnsd Unspecified Overflow

Source: CCN
Type: OSVDB ID: 57052
pdnsd Crafted DNS Query Handling Remote DoS

Source: CCN
Type: OSVDB ID: 57053
DeleGate Crafted DNS Response Handling Remote DoS

Source: CCN
Type: OSVDB ID: 57057
FITELnet Multiple Products ProxyDNS / PKI-Resolver DNS Message Handling Remote DoS

Source: CCN
Type: OSVDB ID: 57058
MyDNS Crafted DNS Message Remote DoS

Source: CCN
Type: OSVDB ID: 57059
Juniper Networks JUNOSe E-series Routers DNS Client Code Unspecified Remote DoS

Source: CCN
Type: OSVDB ID: 57060
ISC BIND DNS Message Malformed TSIG Remote DoS

Source: CCN
Type: pdnsd Web page
pdnsd maintenance page by Paul Rombouts

Source: CCN
Type: BID-16431
MyDNS DNS Query Denial Of Service Vulnerability

Source: CCN
Type: BID-17691
DeleGate DNS Response Denial Of Service Vulnerability

Source: CCN
Type: BID-17692
ISC BIND TSIG Zone Transfer Denial Of Service Vulnerability

Source: CCN
Type: BID-17693
Juniper JUNOSe DNS Client Denial Of Service Vulnerability

Source: CCN
Type: BID-17694
Paul A. Rombouts PDNSD DNS Query Denial Of Service Vulnerability

Source: CCN
Type: BID-17710
Multiple FITELnet Products Unspecified DNS Handling Vulnerabilities

Source: CCN
Type: BID-17720
Paul A. Rombouts PDNSD Unspecified Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
17791

Source: CCN
Type: BID-17791
Fujitsu NetShelter Unspecified DNS Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
dns-improper-request-handling(26081)

Source: XF
Type: UNKNOWN
dns-improper-request-handling(26081)

Vulnerable Configuration:Configuration 1:
  • cpe:/h:fujitsu:netshelter_fw:*:*:*:*:*:*:*:*
  • OR cpe:/h:fujitsu:netshelter_fw-l:*:*:*:*:*:*:*:*
  • OR cpe:/h:fujitsu:netshelter_fw-m:*:*:*:*:*:*:*:*
  • OR cpe:/h:fujitsu:netshelter_fw-p:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:isc:bind:8.2:-:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:8.2:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.5:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.5:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.6:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.7:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.1.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.1.2:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.3.3:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.3.2:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.3.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.3.0:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.6:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.5:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.3:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p7:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p5:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p3:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.2:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.7:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.3.0:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.4.4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.4.5:*:*:*:-:*:*:*
  • OR cpe:/o:juniper:junos_e:-:*:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:9.3.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.3.2:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.3.3:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.3.4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.0:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.2:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.3:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.5:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.6:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.7:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.2.8:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.3:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.8:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.9:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.10:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p6:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p4:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p2:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.3.4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.3:t1a:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.3:t9b:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.3.5:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.3.6:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.4:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.4.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.4.7:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.3:*:*:*:-:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    fujitsu netshelter fw *
    fujitsu netshelter fw-l *
    fujitsu netshelter fw-m *
    fujitsu netshelter fw-p *
    isc bind 8.2
    isc bind 8.2 p1
    isc bind 8.2.1
    isc bind 4.9.5
    isc bind 4.9.5 p1
    isc bind 4.9.6
    isc bind 4.9.7
    isc bind 8.1
    isc bind 8.1.1
    isc bind 8.1.2
    isc bind 8.2.2
    isc bind 8.2.2 p1
    isc bind 8.3.3
    isc bind 8.3.2
    isc bind 8.3.1
    isc bind 8.3.0
    isc bind 8.2.6
    isc bind 8.2.5
    isc bind 8.2.4
    isc bind 8.2.3
    isc bind 8.2.2 p7
    isc bind 8.2.2 p5
    isc bind 8.2.2 p3
    isc bind 4.9.2
    isc bind 8.2.7
    isc bind 9.3.0
    isc bind 8.4.4
    isc bind 8.4.5
    juniper junos e -
    isc bind 9.3.1
    isc bind 9.3.2
    isc bind 9.3.3
    isc bind 9.3.4
    isc bind 9.2.0
    isc bind 9.2.1
    isc bind 9.2.2
    isc bind 9.2.3
    isc bind 9.2.4
    isc bind 9.2.5
    isc bind 9.2.6
    isc bind 9.2.7
    isc bind 9.2.8
    isc bind 4.9.3
    isc bind 4.9.4
    isc bind 4.9.8
    isc bind 4.9.9
    isc bind 4.9.10
    isc bind 8.2.2 p6
    isc bind 8.2.2 p4
    isc bind 8.2.2 p2
    isc bind 4.9
    isc bind 8.3.4
    isc bind 4
    isc bind 8
    isc bind 8.2.3 t1a
    isc bind 8.2.3 t9b
    isc bind 8.3.5
    isc bind 8.3.6
    isc bind 8.4
    isc bind 8.4.1
    isc bind 8.4.7
    isc bind 9.3
    gentoo linux *