Vulnerability Description
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Delegate | Delegate | 7.7.0 |
| Dnrd | Dnrd | 1.0 |
| Don Moore | Mydns | 0.6 |
| Maradns | Maradns | 0.5.28 |
| Pliant | Pliant Dns Server | All versions |
| Posadis | Posadis | 0.50.4 |
| Qbik | Wingate | 3.0 |
| Team Johnlong | Raidendnsd | All versions |
| Axis | 2100 Network Camera | 2.0 |
| Axis | 2110 Network Camera | 2.12 |
| Axis | 2120 Network Camera | 2.12 |
| Axis | 2400 Video Server | 3.11 |
| Axis | 2401 Video Server | 3.12 |
| Axis | 2420 Network Camera | 2.12 |
| Axis | 2460 Network Dvr | 3.12 |
References
- http://secunia.com/advisories/13145Patch
- http://securitytracker.com/id?1012157Patch
- http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=enVendor Advisory
- http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdfVendor Advisory
- http://www.posadis.org/advisories/pos_adv_006.txtPatchVendor Advisory
- http://www.securityfocus.com/bid/11642Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17997
- http://secunia.com/advisories/13145Patch
- http://securitytracker.com/id?1012157Patch
- http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=enVendor Advisory
- http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdfVendor Advisory
- http://www.posadis.org/advisories/pos_adv_006.txtPatchVendor Advisory
- http://www.securityfocus.com/bid/11642Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17997
FAQ
What is CVE-2004-0789?
CVE-2004-0789 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 an...
How severe is CVE-2004-0789?
CVE-2004-0789 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0789?
Check the references section above for vendor advisories and patch information. Affected products include: Delegate Delegate, Dnrd Dnrd, Don Moore Mydns, Maradns Maradns, Pliant Pliant Dns Server.