Serva DNS Server DNS Query Processing Denial of Service

by Carol~ Moderator - 1/15/13 10:40 AM

In Reply to: VULNERABILITIES / FIXES - January 15, 2013 by Carol~ Moderator

Serva DNS Server DNS Query Processing Denial of Service Vulnerability

Release Date : 2013-01-15

Criticality level : Moderately critical
Impact: DoS
Where : From remote
Solution Status : Unpatched

Software: Serva 2.x

Description:
Inshell Security has discovered a vulnerability in Serva, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a sign extension error (Serva32.exe) when processing a DNS query and can be exploited to crash the server via a specially crafted DNS query.

The vulnerability is confirmed in version 2.0.0. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Julien Ahrens (MrTuxracer), Inshell Security.

Original Advisory:
http://security.inshell.net/advisory/33

http://secunia.com/advisories/51617/