TITLE:
pdnsd DNS Query Handling Memory Leak Vulnerability

SECUNIA ADVISORY ID:
SA19835

VERIFY ADVISORY:
http://secunia.com/advisories/19835/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
>From remote

SOFTWARE:
pdnsd 1.x
http://secunia.com/product/9584/

DESCRIPTION:
A vulnerability has been reported in pdnsd, which can be exploited by
malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a memory leak error within the
handling of the QTYPE and QCLASS DNS queries. This can be exploited
to cause pdnsd to consume large amount of memory, thus causing it to
crash or cause the system to become unstable.

The vulnerability has been reported in versions prior to 1.2.4.

SOLUTION:
Update to version 1.2.4.
http://www.phys.uu.nl/~rombouts/pdnsd/dl.html

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor based on DNS Test Tool created by Oulu University
Secure Programming Group.

ORIGINAL ADVISORY:
NISCC:
http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------