CVE-2002-0140 in Domain Name Relay Daemon

Summary

by MITRE

Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicious DNS sites to cause a denial of service and possibly execute arbitrary code via a long or malformed DNS reply, which is not handled properly by parse_query, get_objectname, and possibly other functions.


Analysis

by VulDB Data Team • 02/17/2025

The Domain Name Relay Daemon dnrd version 2.10 and earlier contains a critical vulnerability that stems from improper handling of DNS replies within its core parsing functions. This flaw exists in the parse_query and get_objectname functions, which fail to adequately validate or sanitize incoming DNS responses from potentially malicious sources. The vulnerability arises when the daemon receives a specially crafted DNS reply that exceeds normal length parameters or contains malformed structures that the parsing routines cannot properly process.

This vulnerability represents a classic buffer overflow and input validation issue that falls under the CWE-121 category of buffer overflow conditions. The daemon's failure to properly handle malformed DNS data creates an attack surface where remote malicious DNS servers can exploit the parsing functions to either crash the service or potentially execute arbitrary code on the affected system. The impact extends beyond simple denial of service as the vulnerability may allow for remote code execution, making it particularly dangerous in networked environments where dnrd serves as a DNS relay or caching service.

The operational impact of this vulnerability is significant for organizations relying on dnrd for DNS resolution services. When exploited, the vulnerability can cause complete service disruption, forcing administrators to restart the daemon or potentially reboot affected systems. The remote code execution capability further compounds the risk by allowing attackers to gain unauthorized access to systems running vulnerable versions of dnrd, potentially leading to full system compromise. This vulnerability affects any system where dnrd is configured to relay or cache DNS queries, particularly in environments where the daemon acts as a DNS proxy or forwarder.

Mitigation strategies should focus on immediate patching of affected systems with the latest dnrd versions that address the parsing flaws in the parse_query and get_objectname functions. Organizations should also implement network segmentation and DNS filtering to limit exposure to potentially malicious DNS responses. The vulnerability aligns with ATT&CK technique T1071.004 for application layer protocol and T1499.004 for network denial of service, highlighting the need for comprehensive network monitoring and intrusion detection systems to identify exploitation attempts. Additionally, implementing proper input validation and bounds checking in all DNS parsing routines would prevent similar vulnerabilities from manifesting in future versions of the software.
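The bounds checking that the mitigation paragraph calls for, shown on DNS name decoding as an added example. This is not dnrd's code or its fix; the function name dns_read_name, the cap of 32 compression jumps and the sample packet are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DNS_MAX_NAME  255   /* RFC 1035 limit on an encoded name */
#define DNS_MAX_JUMPS 32    /* assumed cap on compression pointers followed */

/* Decode the name at msg[off] into out as dotted text. Returns the bytes the
 * name occupies at off, or -1 if the reply is malformed or out is too small. */
int dns_read_name(const uint8_t *msg, size_t msglen, size_t off,
                  char *out, size_t outlen)
{
    size_t pos = off, o = 0, wire = 1;   /* wire counts the root label */
    int jumps = 0, used = -1;
    if (outlen == 0) return -1;
    for (;;) {
        if (pos >= msglen) return -1;            /* ran off the packet */
        uint8_t len = msg[pos];
        if ((len & 0xC0) == 0xC0) {              /* compression pointer */
            if (pos + 1 >= msglen || ++jumps > DNS_MAX_JUMPS) return -1;
            if (used < 0) used = (int)(pos + 2 - off);
            pos = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            continue;
        }
        if (len & 0xC0) return -1;               /* reserved label type */
        if (len == 0) {                          /* root label: done */
            if (used < 0) used = (int)(pos + 1 - off);
            break;
        }
        wire += (size_t)len + 1;
        if (wire > DNS_MAX_NAME) return -1;      /* over-long name */
        if (pos + 1 + len > msglen) return -1;   /* label overruns packet */
        if (o + (o ? 1 : 0) + len + 1 > outlen) return -1;  /* out too small */
        if (o) out[o++] = '.';
        memcpy(out + o, msg + pos + 1, len);
        o += len;
        pos += 1 + (size_t)len;
    }
    out[o] = '\0';
    return used;
}

int main(void)
{
    /* Constructed sample: "www" label, then a pointer to "example.com" at 0. */
    const uint8_t msg[] = { 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
                            3,'w','w','w', 0xC0, 0x00 };
    char name[64];
    int n = dns_read_name(msg, sizeof msg, 13, name, sizeof name);
    printf("%d %s\n", n, n < 0 ? "(rejected)" : name);
    return 0;
}
```

Every rejection path returns before any write to `out`, so a long or malformed reply costs the caller one dropped packet rather than a corrupted buffer.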

Disclosure: 03/25/2002

Moderation: accepted

Entry: VDB-18037

CPE: ready

Exploit: Download

EPSS: 0.06180

KEV: no

Activities: very low
