DNS: TCP Response Buffer Overflow

This signature detects a DNS response sent over TCP that contains an excessive number of IP addresses (more than 100) for a single name query. A DNS response with too many addresses can overflow a buffer in certain Windows operating system versions as well as the Exchange mail server.
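An added example, not Juniper's signature logic or code from this page: a Python sketch of the check described above, which parses one length-prefixed TCP DNS message and flags it when the answer section carries more than 100 address records. Counting both A and AAAA records, counting across the whole answer section rather than per owner name, and all function names are assumptions; the sample response is constructed.

```python
import struct

ADDRESS_TYPES = {1, 28}  # A and AAAA (assumption: both count as "IP addresses")
THRESHOLD = 100          # the page's limit: more than 100 addresses is flagged

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def count_addresses(segment):
    """Count address records in the answer section of one TCP DNS message."""
    size = int.from_bytes(segment[:2], "big")  # TCP framing: 2-byte length prefix
    msg = segment[2:2 + size]
    if size < 12 or len(msg) < size:
        raise ValueError("short or truncated message")
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    if not flags & 0x8000:  # QR bit clear: a query, not a response
        return 0
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addresses = 0
    for _ in range(an):
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record header")
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if off > len(msg):
            raise ValueError("RDATA overruns message")
        addresses += rtype in ADDRESS_TYPES
    return addresses

def is_suspicious(segment):
    return count_addresses(segment) > THRESHOLD

def constructed_response(n):  # constructed sample: n A records for example.test
    head = struct.pack("!6H", 0x1234, 0x8180, 1, n, 0, 0)
    record = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    msg = head + b"\x07example\x04test\x00" + struct.pack("!HH", 1, 1) + record * n
    return struct.pack("!H", len(msg)) + msg
```

Malformed or truncated messages raise ValueError instead of being counted, so a caller can log them separately from threshold hits.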

Extended Description

The Microsoft Windows 2003 SMTP Service and Exchange Routing Engine have been reported prone to a buffer overflow. This occurs during the processing of responses to DNS lookups. Successful exploitation could allow remote code execution in the context of the vulnerable service.

Affected Products

Avaya s8100_media_servers, Avaya modular_messaging_(mss)

Short Name
DNS:OVERFLOW:TCP-RESPONSE
Severity
Critical
Recommended
False
Recommended Action
None
Category
DNS
Keywords
Buffer CVE-2004-0840 Overflow Response TCP bid:11374
Release Date
10/15/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3725
False Positive
Occasionally
Vendors

Microsoft

Avaya

CVSS Score

10.0
