Simple DNS Plus 5.0/4.1 < remote Denial of Service exploit

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Simple DNS Plus 5.0/4.1 < remote Denial of Service exploit
From: "Rotem-BugSec" <rotem@xxxxxxxxxx>
Date: Sun, 13 Jul 2008 12:02:57 +0300
In-reply-to:
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References:
Thread-index: AcjkxnXkuBIBVrfjQC+ky8wcE7yrNgAAGcbAAAASXtA=

A vulnerability was found which may allow a remote attacker to cause a
denial of service to Simple DNS Plus   
Sending multiple  DNS respond packets to the source port of the server

This vulnerability is fixed in the new version of  Simple DNS Plus  5.1.101.

usage: sdns-dos.pl <dns server> <dns source port> <num of packets>
Exploit written by Exodus.
http://www.blackhat.org.il

http://www.blackhat.org.il/index.php/simple-dns-plus-5041-remote-denial-of-s
ervice-exploit/

Prev by Date: [SECURITY] [DSA 1608-1] New mysql-dfsg-5.0 packages fix authorization bypass
Next by Date: Pluck Local File inclusion
Previous by thread: [SECURITY] [DSA 1608-1] New mysql-dfsg-5.0 packages fix authorization bypass
Next by thread: Pluck Local File inclusion
Index(es):
- Date
- Thread