Description
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.
Product(s):
- Delegate 7.7.0
- Delegate 7.7.1
- Delegate 7.8.0
- Delegate 7.8.1
- Delegate 7.8.2
- Delegate 7.9.11
- Delegate Delegate 8.3.3
- Delegate Delegate 8.3.4
- Delegate Delegate 8.4.0
- Delegate Delegate 8.5.0
- Delegate Delegate 8.9.1
- Delegate Delegate 8.9.2
- Delegate Delegate 8.9.3
- Delegate Delegate 8.9.4
- Delegate Delegate 8.9.5
- Delegate Delegate 8.9
- DNRD DNRD 1.0
- DNRD DNRD 1.1
- DNRD DNRD 1.2
- DNRD DNRD 1.3
- DNRD DNRD 1.4
- DNrd DNrd 2.0
- DNrd DNrd 2.10
- DNRD DNRD 2.1
- DNRD DNRD 2.2
- DNRD DNRD 2.3
- DNRD DNRD 2.4
- DNRD DNRD 2.5
- DNRD 2.6
- DNRD 2.7
- DNRD 2.8
- DNRD 2.9
- Don Moore MyDNS 0.10.0
- Don Moore myDNS 0.6
- Don Moore myDNS 0.7
- Don Moore myDNS 0.8
- Don Moore MyDNS 0.9
- Maradns 0.5.28
- Maradns 0.5.29
- Maradns 0.5.30
- Maradns 0.5.31
- Maradns 0.8.05
- Pliant DNS Server
- Posadis Posadis 0.50.4
- Posadis Posadis 0.50.5
- Posadis Posadis 0.50.6
- Posadis 0.50.7
- Posadis 0.50.8
- Posadis 0.50.9
- Posadis 0.60.0
- Posadis 0.60.1
- Posadis M5PRE1
- Posadis M5PRE2
- Qbik Wingate 3.0
- Qbik Wingate 4.0.1
- Qbik Wingate 4.1 Beta A
- Qbik Wingate 6.0.1 Build 993
- Qbik Wingate 6.0.1 Build 995
- Qbik Wingate 6.0
- Team Johnlong RaidenDNSd
- Axis Communications AXIS 2100 Network Camera 2.01
- Axis 2100 Network Camera 2.02
- Axis Communications AXIS 2100 Network Camera 2.03
- Axis Communications AXIS 2100 Network Camera 2.0
- Axis Communications AXIS 2100 Network Camera 2.12
- Axis Communications AXIS 2100 Network Camera 2.30
- Axis Communications AXIS 2100 Network Camera 2.31
- Axis Communications AXIS 2100 Network Camera 2.32
- Axis Communications AXIS 2100 Network Camera 2.33
- Axis Communications AXIS 2100 Network Camera 2.34
- Axis Communications AXIS 2100 Network Camera 2.40
- Axis Communications AXIS 2100 Network Camera 2.41
- Axis Communications AXIS 2110 Network Camera 2.12
- Axis Communications AXIS 2110 Network Camera 2.30
- Axis Communications AXIS 2110 Network Camera 2.31
- Axis Communications AXIS 2110 Network Camera 2.32
- Axis Communications AXIS 2110 Network Camera 2.34
- Axis Communications AXIS 2110 Network Camera 2.40
- Axis Communications AXIS 2110 Network Camera 2.41
- Axis Communications AXIS 2120 Network Camera 2.12
- Axis Communications AXIS 2120 Network Camera 2.30
- Axis Communications AXIS 2120 Network Camera 2.31
- Axis Communications AXIS 2120 Network Camera 2.32
- Axis Communications AXIS 2120 Network Camera 2.34
- Axis Communications AXIS 2120 Network Camera 2.40
- Axis Communications AXIS 2120 Network Camera 2.41
- Axis 2400 Video Server 3.11
- Axis 2400 Video Server 3.12
- Axis 2401 Video Server 3.12
- Axis Communications AXIS 2420 Network Camera 2.12
- Axis Communications AXIS 2420 Network Camera 2.30
- Axis Communications AXIS 2420 Network Camera 2.31
- Axis Communications AXIS 2420 Network Camera 2.32
- Axis Communications AXIS 2420 Network Camera 2.33
- Axis Communications AXIS 2420 Network Camera 2.34
- Axis Communications AXIS 2420 Network Camera 2.40
- Axis Communications AXIS 2420 Network Camera 2.41
- Axis Communications AXIS 2460 Digital Video Recorder 3.12
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-0789, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-0789 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.