CVE-2004-0789

Description

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.

Affected products

axis / 2100_network_camera2.03 – 2.03
axis / 2100_network_camera2.02 – 2.02
axis / 2100_network_camera2.01 – 2.01
axis / 2100_network_camera2.0 – 2.0
axis / 2100_network_camera2.41 – 2.41
axis / 2100_network_camera2.40 – 2.40
axis / 2100_network_camera2.34 – 2.34
axis / 2100_network_camera2.33 – 2.33
axis / 2100_network_camera2.32 – 2.32
axis / 2100_network_camera2.31 – 2.31
axis / 2100_network_camera2.30 – 2.30
axis / 2100_network_camera2.12 – 2.12
axis / 2110_network_camera2.32 – 2.32
axis / 2110_network_camera2.31 – 2.31
axis / 2110_network_camera2.30 – 2.30
axis / 2110_network_camera2.12 – 2.12
axis / 2110_network_camera2.41 – 2.41
axis / 2110_network_camera2.40 – 2.40
axis / 2110_network_camera2.34 – 2.34
axis / 2120_network_camera2.41 – 2.41
axis / 2120_network_camera2.34 – 2.34
axis / 2120_network_camera2.32 – 2.32
axis / 2120_network_camera2.31 – 2.31
axis / 2120_network_camera2.30 – 2.30
axis / 2120_network_camera2.12 – 2.12
axis / 2120_network_camera2.40 – 2.40
axis / 2400_video_server3.12 – 3.12
axis / 2400_video_server3.11 – 3.11
axis / 2401_video_server3.12 – 3.12
axis / 2420_network_camera2.40 – 2.40
axis / 2420_network_camera2.33 – 2.33
axis / 2420_network_camera2.32 – 2.32
axis / 2420_network_camera2.31 – 2.31
axis / 2420_network_camera2.30 – 2.30
axis / 2420_network_camera2.12 – 2.12
axis / 2420_network_camera2.34 – 2.34
axis / 2420_network_camera2.41 – 2.41
axis / 2460_network_dvr3.12 – 3.12
delegate / delegate7.7.0 – 7.7.0
delegate / delegate7.7.1 – 7.7.1
delegate / delegate7.8.0 – 7.8.0
delegate / delegate7.8.1 – 7.8.1
delegate / delegate7.8.2 – 7.8.2
delegate / delegate7.9.11 – 7.9.11
delegate / delegate8.3.3 – 8.3.3
delegate / delegate8.3.4 – 8.3.4
delegate / delegate8.4.0 – 8.4.0
delegate / delegate8.5.0 – 8.5.0
delegate / delegate8.9 – 8.9
delegate / delegate8.9.1 – 8.9.1
delegate / delegate8.9.2 – 8.9.2
delegate / delegate8.9.3 – 8.9.3
delegate / delegate8.9.4 – 8.9.4
delegate / delegate8.9.5 – 8.9.5
dnrd / dnrd1.2 – 1.2
dnrd / dnrd2.9 – 2.9
dnrd / dnrd2.10 – 2.10
dnrd / dnrd1.0 – 1.0
dnrd / dnrd1.1 – 1.1
dnrd / dnrd1.3 – 1.3
dnrd / dnrd1.4 – 1.4
dnrd / dnrd2.0 – 2.0
dnrd / dnrd2.1 – 2.1
dnrd / dnrd2.2 – 2.2
dnrd / dnrd2.3 – 2.3
dnrd / dnrd2.4 – 2.4
dnrd / dnrd2.5 – 2.5
dnrd / dnrd2.6 – 2.6
dnrd / dnrd2.7 – 2.7
dnrd / dnrd2.8 – 2.8
don_moore / mydns0.7 – 0.7
don_moore / mydns0.10.0 – 0.10.0
don_moore / mydns0.9 – 0.9
don_moore / mydns0.8 – 0.8
don_moore / mydns0.6 – 0.6
MaraDNS / MaraDNS0.5.28 – 0.5.28
MaraDNS / MaraDNS0.8.05 – 0.8.05
MaraDNS / MaraDNS0.5.31 – 0.5.31
MaraDNS / MaraDNS0.5.30 – 0.5.30
MaraDNS / MaraDNS0.5.29 – 0.5.29
pliant / pliant_dns_server
posadis / posadis0.50.4 – 0.50.4
posadis / posadis0.50.5 – 0.50.5
posadis / posadis0.50.6 – 0.50.6
posadis / posadis0.50.7 – 0.50.7
posadis / posadis0.50.8 – 0.50.8
posadis / posadis0.50.9 – 0.50.9
posadis / posadis0.60.0 – 0.60.0
posadis / posadis0.60.1 – 0.60.1
posadis / posadism5pre2 – m5pre2
posadis / posadism5pre1 – m5pre1
qbik / wingate4.1_beta_a – 4.1_beta_a
qbik / wingate3.0 – 3.0
qbik / wingate4.0.1 – 4.0.1
qbik / wingate6.0.1_build_995 – 6.0.1_build_995
qbik / wingate6.0.1_build_993 – 6.0.1_build_993
qbik / wingate6.0 – 6.0
team_johnlong / raidendnsd

CVE-2004-0789

Description

Affected products

References