The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.
DeleGate versions 8.10.2 and earlier are vulnerable to a denial-of-service (DoS) attack via a crafted DNS packet. This vulnerability allows remote attackers to trigger an infinite loop within the DNS implementation, rendering the service unavailable. Successful exploitation can disrupt critical network services reliant on DeleGate's DNS functionality.
Step 1: Payload Delivery: An attacker crafts a malicious DNS packet. This packet contains a compressed DNS record with a label length byte that includes an invalid offset value.
Step 2: Packet Reception: The DeleGate server receives the crafted DNS packet.
Step 3: Parsing and Processing: The DeleGate DNS implementation attempts to parse the compressed DNS record. It reads the label length byte and uses the offset value to locate the target label.
Step 4: Infinite Loop Trigger: Due to the invalid offset, the program enters an infinite loop while trying to resolve the record. This loop consumes CPU resources.
Step 5: Denial of Service: The continuous resource consumption leads to a denial of service, preventing legitimate DNS queries from being processed.
The vulnerability lies within DeleGate's DNS packet processing logic, specifically its handling of compressed DNS records. The flaw stems from improper validation of the offset value within a compressed label. When a DNS packet is crafted with a label length byte containing an incorrect offset, the software enters an infinite loop while attempting to resolve the DNS record. The program repeatedly attempts to read from an invalid memory location, which drives the CPU to consume all available resources and ultimately leads to a DoS condition. The root cause is a lack of bounds checking on the offset value, which allows an attacker to supply a value that leads to out-of-bounds memory access and an infinite loop.
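The bounds and loop checks whose absence is described above can be sketched as follows. This is an added example, not DeleGate's code or its patch: dns_expand_name, the name buffer and the sample packets are hypothetical and constructed for illustration, and the wire format assumed is RFC 1035 message compression (a length byte with the top two bits set introduces a 14-bit offset).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not DeleGate code): expand the possibly compressed name
 * at msg[off] into dotted text. Returns its length, or -1 if malformed. */
int dns_expand_name(const uint8_t *msg, size_t msglen, size_t off,
                    char *out, size_t outlen)
{
    size_t n = 0;        /* bytes written to out */
    size_t limit = off;  /* a pointer may only target an offset below this */

    for (;;) {
        if (off >= msglen) return -1;            /* read past end of packet */
        uint8_t len = msg[off];
        if ((len & 0xC0) == 0xC0) {              /* compression pointer */
            if (off + 1 >= msglen) return -1;    /* truncated pointer */
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[off + 1];
            if (target >= limit) return -1;      /* must point strictly backwards */
            limit = off = target;                /* limit only shrinks: loop ends */
            continue;
        }
        if (len & 0xC0) return -1;               /* reserved label types */
        if (len == 0) break;                     /* root label ends the name */
        if (off + 1 + len > msglen) return -1;   /* label overruns the packet */
        if (n + len + 2 > outlen) return -1;     /* output buffer too small */
        if (n) out[n++] = '.';
        memcpy(out + n, msg + off + 1, len);
        n += len;
        off += 1 + (size_t)len;
    }
    if (n + 1 > outlen) return -1;
    out[n] = '\0';
    return (int)n;
}

/* Constructed samples, not captured traffic. */
static const uint8_t ok_msg[] = {7,'e','x','a','m','p','l','e',3,'c','o','m',0,
                                 3,'w','w','w',0xC0,0x00};  /* name at offset 13 */
static const uint8_t self_ptr[] = {0xC0,0x00};       /* offset that is not backwards */
static const uint8_t loop_msg[] = {1,'a',0xC0,0x00}; /* offset back into own name */
static const uint8_t trunc_msg[] = {5,'a','b'};      /* label longer than packet */
static char name[256];

int main(void)
{
    printf("%d\n", dns_expand_name(ok_msg, sizeof ok_msg, 13, name, sizeof name));
    printf("%d\n", dns_expand_name(self_ptr, sizeof self_ptr, 0, name, sizeof name));
    return 0;
}
```

Because every accepted pointer must target an offset lower than any earlier one, the number of jumps is bounded by the packet length, so the parser cannot spin on a malformed offset.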