F-Secure
Tools
Dns2tcp "dns_decode()" Buffer Overflow Vulnerability
| Report ID: | SA32514 |
| Source: | Secunia |
| Date of Discovery: | 03.11.2008 |
| Criticality: | Urgent |
| Affects: | Dns2tcp 0.x |
| Compromise From: | From remote |
| Compromise Type: | System access DoS |
Summary
A vulnerability has been reported in Dns2tcp, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Detailed Description
A vulnerability has been reported in Dns2tcp, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the "dns_decode()" function in server/dns_decode.c. This can be exploited to cause a buffer overflow via specially crafted encoded DNS data.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions prior to 0.4.2.
The vulnerability is caused due to a boundary error within the "dns_decode()" function in server/dns_decode.c. This can be exploited to cause a buffer overflow via specially crafted encoded DNS data.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions prior to 0.4.2.
Solution
Update to version 0.4.2.