MidnightBSD

Advisories for dnrd

CVE-2002-0140 HIGH

Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicious DNS sites to cause a denial of service and possibly execute arbitrary code via a long or malformed DNS reply, which is not handled properly by parse_query, get_objectname, and possibly other functions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dnrd dnrd 1.0
dnrd dnrd 2.0
dnrd dnrd 2.6
dnrd dnrd 2.3
dnrd dnrd 1.3
dnrd dnrd 2.4
dnrd dnrd 2.9
dnrd dnrd 2.8
dnrd dnrd 1.2
dnrd dnrd 2.5
dnrd dnrd 2.7
dnrd dnrd 1.4
dnrd dnrd 2.2
dnrd dnrd 2.1
dnrd dnrd 1.1
dnrd dnrd 2.10
CVE-2004-0789 MEDIUM

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
axis 2420_network_camera 2.12
delegate delegate 8.9
posadis posadis 0.50.8
pliant pliant_dns_server *
axis 2460_network_dvr 3.12
posadis posadis 0.50.9
axis 2100_network_camera 2.01
don_moore mydns 0.8
axis 2100_network_camera 2.0
dnrd dnrd 2.2
dnrd dnrd 2.1
delegate delegate 7.8.2
maradns maradns 0.8.05
axis 2110_network_camera 2.12
axis 2100_network_camera 2.03
axis 2400_video_server 3.11
posadis posadis 0.60.1
axis 2100_network_camera 2.40
qbik wingate 6.0.1_build_993
axis 2110_network_camera 2.30
axis 2120_network_camera 2.32
axis 2100_network_camera 2.33
axis 2420_network_camera 2.30
don_moore mydns 0.9
team_johnlong raidendnsd *
axis 2120_network_camera 2.34
posadis posadis 0.50.5
delegate delegate 7.8.1
maradns maradns 0.5.30
posadis posadis m5pre2
posadis posadis 0.50.6
qbik wingate 6.0.1_build_995
axis 2100_network_camera 2.12
delegate delegate 7.8.0
axis 2420_network_camera 2.32
dnrd dnrd 2.5
axis 2400_video_server 3.12
delegate delegate 8.3.4
axis 2401_video_server 3.12
dnrd dnrd 2.0
delegate delegate 8.9.3
dnrd dnrd 2.6
axis 2110_network_camera 2.34
axis 2120_network_camera 2.40
axis 2420_network_camera 2.40
maradns maradns 0.5.29
delegate delegate 7.9.11
axis 2110_network_camera 2.41
dnrd dnrd 1.4
qbik wingate 3.0
axis 2420_network_camera 2.33
axis 2420_network_camera 2.41
posadis posadis 0.50.7
delegate delegate 8.9.4
delegate delegate 7.7.0
axis 2120_network_camera 2.41
maradns maradns 0.5.31
axis 2120_network_camera 2.12
dnrd dnrd 1.0
posadis posadis 0.60.0
dnrd dnrd 2.3
delegate delegate 8.9.1
axis 2100_network_camera 2.30
dnrd dnrd 2.9
axis 2420_network_camera 2.31
axis 2100_network_camera 2.32
axis 2120_network_camera 2.30
delegate delegate 8.4.0
qbik wingate 6.0
axis 2100_network_camera 2.31
qbik wingate 4.1_beta_a
qbik wingate 4.0.1
delegate delegate 8.5.0
posadis posadis m5pre1
axis 2110_network_camera 2.31
delegate delegate 7.7.1
delegate delegate 8.3.3
delegate delegate 8.9.5
don_moore mydns 0.7
dnrd dnrd 1.3
dnrd dnrd 2.8
dnrd dnrd 2.7
axis 2100_network_camera 2.41
dnrd dnrd 1.1
axis 2420_network_camera 2.34
delegate delegate 8.9.2
don_moore mydns 0.6
axis 2100_network_camera 2.34
posadis posadis 0.50.4
axis 2100_network_camera 2.02
dnrd dnrd 2.4
dnrd dnrd 1.2
axis 2110_network_camera 2.40
axis 2120_network_camera 2.31
axis 2110_network_camera 2.32
don_moore mydns 0.10.0
dnrd dnrd 2.10
maradns maradns 0.5.28
CVE-2005-0037 MEDIUM

The DNS implementation of DNRD before 2.10 allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dnrd dnrd 1.0
dnrd dnrd 2.0
dnrd dnrd 2.6
dnrd dnrd 2.3
dnrd dnrd 1.3
dnrd dnrd 2.4
dnrd dnrd 2.9
dnrd dnrd 2.8
dnrd dnrd 1.2
dnrd dnrd 2.5
dnrd dnrd 2.7
dnrd dnrd 1.4
dnrd dnrd 2.2
dnrd dnrd 2.1
dnrd dnrd 1.1
CVE-2005-2315 HIGH

Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to execute arbitrary code via a large number of large DNS packets with the Z and QR flags cleared.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dnrd dnrd 1.0
dnrd dnrd 2.0
dnrd dnrd 2.6
dnrd dnrd 2.3
dnrd dnrd 1.3
dnrd dnrd 2.4
dnrd dnrd 2.9
dnrd dnrd 2.8
dnrd dnrd 1.2
dnrd dnrd 2.5
dnrd dnrd 2.7
dnrd dnrd 1.4
dnrd dnrd 2.2
dnrd dnrd 2.1
dnrd dnrd 1.1
dnrd dnrd 2.10
CVE-2005-2316 MEDIUM

Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to cause a denial of service (infinite recursion) via a DNS packet that uses message compression in the QNAME and two pointers that point to each other (circular buffer).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dnrd dnrd 2.16
dnrd dnrd 2.8
dnrd dnrd 2.14.1
dnrd dnrd 2.12
dnrd dnrd 2.5
dnrd dnrd 2.7
dnrd dnrd 2.16.1
dnrd dnrd 2.2
dnrd dnrd 2.1
dnrd dnrd 2.11
dnrd dnrd 2.17.2
dnrd dnrd 2.18
dnrd dnrd 2.0
dnrd dnrd 2.6
dnrd dnrd 2.3
dnrd dnrd 2.14
dnrd dnrd 2.17.1
dnrd dnrd 2.4
dnrd dnrd 2.9
dnrd dnrd 2.13
dnrd dnrd 2.15
dnrd dnrd 2.19
dnrd dnrd 2.12.1
dnrd dnrd 2.10