Serva DNS Server DNS Query Processing Denial of Service
Serva DNS Server DNS Query Processing Denial of Service Vulnerability
Release Date : 2013-01-15
Criticality level : Moderately critical
Where : From remote
Solution Status : Unpatched
Software: Serva 2.x
Inshell Security has discovered a vulnerability in Serva, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a sign extension error (Serva32.exe) when processing a DNS query and can be exploited to crash the server via a specially crafted DNS query.
The vulnerability is confirmed in version 2.0.0. Other versions may also be affected.
No official solution is currently available.
Provided and/or discovered by:
Julien Ahrens (MrTuxracer), Inshell Security.