Fujitsu NetShelter Unspecified DNS Denial Of Service Vulnerability

Bugtraq ID:	17791
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	May 02 2006 12:00AM
Updated:	May 03 2006 05:50PM
Credit:	This issue was discovered by the PROTOS DNS Test Suite, which was developed by the Oulu University Secure Programming Group (OUSPG).
Vulnerable:	Fujitsu NetShelter/FW-P 0 Fujitsu NetShelter/FW-M 0 Fujitsu NetShelter/FW-L 0 Fujitsu NetShelter/FW E12lxx Fujitsu NetShelter/FW E11lxx
Not Vulnerable:	Fujitsu NetShelter/FW-P E11L41 Fujitsu NetShelter/FW-P E10L29 Fujitsu NetShelter/FW-M E10L31 Fujitsu NetShelter/FW-L E10L31 Fujitsu NetShelter/FW E12L31 Fujitsu NetShelter/FW E11L27

Fujitsu NetShelter Unspecified DNS Denial Of Service Vulnerability

Fujitsu NetShelter is prone to an unspecified remote denial-of-service vulnerability. This issue is due to a failure in the application to properly handle malformed DNS responses.

An attacker can exploit this issue to crash the affected service, effectively denying service to legitimate users.

Fujitsu NetShelter Unspecified DNS Denial Of Service Vulnerability

The PROTOS DNS Test Suite, which was developed by the Oulu University Secure Programming Group (OUSPG), may be used to trigger this issue.

Fujitsu NetShelter Unspecified DNS Denial Of Service Vulnerability

Solution:
The vendor has released an advisory and fixes to address this issue. Please see the referenced advisory for further information.

Fujitsu NetShelter Unspecified DNS Denial Of Service Vulnerability

References:

• DNS Advisory (Fujitsu)
  
• NISCC Vulnerability Advisory 144154/NISCC/DNS (NISCC)
  
• NISCC Vulnerability Advisory 144154/NISCC/DNS - Vulnerability Issues in Implemen (NISCC)