| CVE-2006-2075 |
|
发布时间 :2006-04-27 18:03:00 | ||
| 修订时间 :2011-03-07 21:35:11 | ||||
| NMCO |
[原文]Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to cause a denial of service via a crafted DNS message, aka "Query-of-death," as demonstrated by the OUSPG PROTOS DNS test suite.
[CNNVD]MyDNS 1.1.0 拒绝服务漏洞(CNNVD-200604-525)
MyDNS 1.1.0 中的未明漏洞允许远程攻击者借助于精心设计的DNS信息造成拒绝服务,即"死查询",如OUSPG PROTOS DNS测试套件。
- CVSS (基础分值)
| CVSS分值: | 5 | [中等(MEDIUM)] |
| 机密性影响: | NONE | [对系统的机密性无影响] |
| 完整性影响: | NONE | [不会对系统完整性产生影响] |
| 可用性影响: | PARTIAL | [可能会导致性能下降或中断资源访问] |
| 攻击复杂度: | LOW | [漏洞利用没有访问限制 ] |
| 攻击向量: | [--] | |
| 身份认证: | NONE | [漏洞利用无需身份认证] |
- CPE (受影响的平台与产品)
| 产品及版本信息(CPE)暂不可用 |
- OVAL (用于检测的技术细节)
| 未找到相关OVAL定义 |
- 官方数据库链接
- 其它链接及资源
|
http://www.kb.cert.org/vuls/id/955777 (UNKNOWN) CERT-VN VU#955777 |
|
http://securitytracker.com/id?1015990 (PATCH) SECTRACK 1015990 |
|
http://www.vupen.com/english/advisories/2006/1505 (UNKNOWN) VUPEN ADV-2006-1505 |
|
http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en (VENDOR_ADVISORY) MISC http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en |
|
http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en (VENDOR_ADVISORY) MISC http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en |
|
http://xforce.iss.net/xforce/xfdb/26081 (UNKNOWN) XF dns-improper-request-handling(26081) |
- 漏洞信息
| MyDNS 1.1.0 拒绝服务漏洞 | |
| 中危 | 未知 |
| 2006-04-27 00:00:00 | 2006-04-28 00:00:00 |
| 远程 | |
| MyDNS 1.1.0 中的未明漏洞允许远程攻击者借助于精心设计的DNS信息造成拒绝服务,即"死查询",如OUSPG PROTOS DNS测试套件。 | |
- 公告与补丁
- 漏洞信息
| 57058 | |
| MyDNS Crafted DNS Message Remote DoS | |
| Remote / Network Access | Denial of Service, Input Manipulation |
| Loss of Availability | |
- 漏洞描述
- 时间线
| 2006-04-25 | Unknow |
| Unknow | Unknow |
三人行,必有我师焉。择其善者而从之,其不善者而改之。