CVE-2004-0789 [Medium] | Spoofing in Delegate

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-03-30	1.93%	1.96%	+0.03%
2	2025-03-29	1.95%	1.93%	-0.03%
3	2024-12-17	—	1.95%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-03-30

1.93%

1.96%

+0.03%

2025-03-29

1.95%

1.93%

-0.03%

2024-12-17

—

1.95%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.0	2.0	MEDIUM	`AV:N/AC:L/Au:N/C:N/I:N/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:P) Partial availability impact.	10.0	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.0

2.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:P): Partial availability impact.

10.0

2.9

[email protected]

Affected software / configurations for CVE-2004-0789

Vendor	Product	Version	Raw CPE
delegate	delegate	7.7.0	cpe:2.3:a:delegate:delegate:7.7.0:::::::*
delegate	delegate	7.7.1	cpe:2.3:a:delegate:delegate:7.7.1:::::::*
delegate	delegate	7.8.0	cpe:2.3:a:delegate:delegate:7.8.0:::::::*
delegate	delegate	7.8.1	cpe:2.3:a:delegate:delegate:7.8.1:::::::*
delegate	delegate	7.8.2	cpe:2.3:a:delegate:delegate:7.8.2:::::::*
delegate	delegate	7.9.11	cpe:2.3:a:delegate:delegate:7.9.11:::::::*
delegate	delegate	8.3.3	cpe:2.3:a:delegate:delegate:8.3.3:::::::*
delegate	delegate	8.3.4	cpe:2.3:a:delegate:delegate:8.3.4:::::::*
delegate	delegate	8.4.0	cpe:2.3:a:delegate:delegate:8.4.0:::::::*
delegate	delegate	8.5.0	cpe:2.3:a:delegate:delegate:8.5.0:::::::*
delegate	delegate	8.9	cpe:2.3:a:delegate:delegate:8.9:::::::*
delegate	delegate	8.9.1	cpe:2.3:a:delegate:delegate:8.9.1:::::::*
delegate	delegate	8.9.2	cpe:2.3:a:delegate:delegate:8.9.2:::::::*
delegate	delegate	8.9.3	cpe:2.3:a:delegate:delegate:8.9.3:::::::*
delegate	delegate	8.9.4	cpe:2.3:a:delegate:delegate:8.9.4:::::::*
delegate	delegate	8.9.5	cpe:2.3:a:delegate:delegate:8.9.5:::::::*
dnrd	dnrd	1.0	cpe:2.3:a:dnrd:dnrd:1.0:::::::*
dnrd	dnrd	1.1	cpe:2.3:a:dnrd:dnrd:1.1:::::::*
dnrd	dnrd	1.2	cpe:2.3:a:dnrd:dnrd:1.2:::::::*
dnrd	dnrd	1.3	cpe:2.3:a:dnrd:dnrd:1.3:::::::*
dnrd	dnrd	1.4	cpe:2.3:a:dnrd:dnrd:1.4:::::::*
dnrd	dnrd	2.0	cpe:2.3:a:dnrd:dnrd:2.0:::::::*
dnrd	dnrd	2.1	cpe:2.3:a:dnrd:dnrd:2.1:::::::*
dnrd	dnrd	2.2	cpe:2.3:a:dnrd:dnrd:2.2:::::::*
dnrd	dnrd	2.3	cpe:2.3:a:dnrd:dnrd:2.3:::::::*
dnrd	dnrd	2.4	cpe:2.3:a:dnrd:dnrd:2.4:::::::*
dnrd	dnrd	2.5	cpe:2.3:a:dnrd:dnrd:2.5:::::::*
dnrd	dnrd	2.6	cpe:2.3:a:dnrd:dnrd:2.6:::::::*
dnrd	dnrd	2.7	cpe:2.3:a:dnrd:dnrd:2.7:::::::*
dnrd	dnrd	2.8	cpe:2.3:a:dnrd:dnrd:2.8:::::::*
dnrd	dnrd	2.9	cpe:2.3:a:dnrd:dnrd:2.9:::::::*
dnrd	dnrd	2.10	cpe:2.3:a:dnrd:dnrd:2.10:::::::*
don_moore	mydns	0.6	cpe:2.3:a:don_moore:mydns:0.6:::::::*
don_moore	mydns	0.7	cpe:2.3:a:don_moore:mydns:0.7:::::::*
don_moore	mydns	0.8	cpe:2.3:a:don_moore:mydns:0.8:::::::*
don_moore	mydns	0.9	cpe:2.3:a:don_moore:mydns:0.9:::::::*
don_moore	mydns	0.10.0	cpe:2.3:a:don_moore:mydns:0.10.0:::::::*
maradns	maradns	0.5.28	cpe:2.3:a:maradns:maradns:0.5.28:::::::*
maradns	maradns	0.5.29	cpe:2.3:a:maradns:maradns:0.5.29:::::::*
maradns	maradns	0.5.30	cpe:2.3:a:maradns:maradns:0.5.30:::::::*
maradns	maradns	0.5.31	cpe:2.3:a:maradns:maradns:0.5.31:::::::*
maradns	maradns	0.8.05	cpe:2.3:a:maradns:maradns:0.8.05:::::::*
pliant	pliant_dns_server	—	cpe:2.3:a:pliant:pliant_dns_server::::::::
posadis	posadis	0.50.4	cpe:2.3:a:posadis:posadis:0.50.4:::::::*
posadis	posadis	0.50.5	cpe:2.3:a:posadis:posadis:0.50.5:::::::*
posadis	posadis	0.50.6	cpe:2.3:a:posadis:posadis:0.50.6:::::::*
posadis	posadis	0.50.7	cpe:2.3:a:posadis:posadis:0.50.7:::::::*
posadis	posadis	0.50.8	cpe:2.3:a:posadis:posadis:0.50.8:::::::*
posadis	posadis	0.50.9	cpe:2.3:a:posadis:posadis:0.50.9:::::::*
posadis	posadis	0.60.0	cpe:2.3:a:posadis:posadis:0.60.0:::::::*
posadis	posadis	0.60.1	cpe:2.3:a:posadis:posadis:0.60.1:::::::*
posadis	posadis	m5pre1	cpe:2.3:a:posadis:posadis:m5pre1:::::::*
posadis	posadis	m5pre2	cpe:2.3:a:posadis:posadis:m5pre2:::::::*
qbik	wingate	3.0	cpe:2.3:a:qbik:wingate:3.0:::::::*
qbik	wingate	4.0.1	cpe:2.3:a:qbik:wingate:4.0.1:::::::*
qbik	wingate	4.1_beta_a	cpe:2.3:a:qbik:wingate:4.1_beta_a:::::::*
qbik	wingate	6.0	cpe:2.3:a:qbik:wingate:6.0:::::::*
qbik	wingate	6.0.1_build_993	cpe:2.3:a:qbik:wingate:6.0.1_build_993:::::::*
qbik	wingate	6.0.1_build_995	cpe:2.3:a:qbik:wingate:6.0.1_build_995:::::::*
team_johnlong	raidendnsd	—	cpe:2.3:a:team_johnlong:raidendnsd::::::::
axis	2100_network_camera	2.0	cpe:2.3:h:axis:2100_network_camera:2.0:::::::*
axis	2100_network_camera	2.01	cpe:2.3:h:axis:2100_network_camera:2.01:::::::*
axis	2100_network_camera	2.02	cpe:2.3:h:axis:2100_network_camera:2.02:::::::*
axis	2100_network_camera	2.03	cpe:2.3:h:axis:2100_network_camera:2.03:::::::*
axis	2100_network_camera	2.12	cpe:2.3:h:axis:2100_network_camera:2.12:::::::*
axis	2100_network_camera	2.30	cpe:2.3:h:axis:2100_network_camera:2.30:::::::*
axis	2100_network_camera	2.31	cpe:2.3:h:axis:2100_network_camera:2.31:::::::*
axis	2100_network_camera	2.32	cpe:2.3:h:axis:2100_network_camera:2.32:::::::*
axis	2100_network_camera	2.33	cpe:2.3:h:axis:2100_network_camera:2.33:::::::*
axis	2100_network_camera	2.34	cpe:2.3:h:axis:2100_network_camera:2.34:::::::*
axis	2100_network_camera	2.40	cpe:2.3:h:axis:2100_network_camera:2.40:::::::*
axis	2100_network_camera	2.41	cpe:2.3:h:axis:2100_network_camera:2.41:::::::*
axis	2110_network_camera	2.12	cpe:2.3:h:axis:2110_network_camera:2.12:::::::*
axis	2110_network_camera	2.30	cpe:2.3:h:axis:2110_network_camera:2.30:::::::*
axis	2110_network_camera	2.31	cpe:2.3:h:axis:2110_network_camera:2.31:::::::*
axis	2110_network_camera	2.32	cpe:2.3:h:axis:2110_network_camera:2.32:::::::*
axis	2110_network_camera	2.34	cpe:2.3:h:axis:2110_network_camera:2.34:::::::*
axis	2110_network_camera	2.40	cpe:2.3:h:axis:2110_network_camera:2.40:::::::*
axis	2110_network_camera	2.41	cpe:2.3:h:axis:2110_network_camera:2.41:::::::*
axis	2120_network_camera	2.12	cpe:2.3:h:axis:2120_network_camera:2.12:::::::*

References for CVE-2004-0789

URL	Tags
http://secunia.com/advisories/13145	Patch
http://securitytracker.com/id?1012157	Patch
http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en	Vendor Advisory
http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf	Vendor Advisory
http://www.posadis.org/advisories/pos_adv_006.txt	Patch Vendor Advisory
http://www.securityfocus.com/bid/11642	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/17997

URL

CVE-2004-0789

Exploit prediction scoring system (EPSS) score for CVE-2004-0789

Common vulnerability scoring system (CVSS) metrics for CVE-2004-0789

Weakness enumeration for CVE-2004-0789

Affected software / configurations for CVE-2004-0789

References for CVE-2004-0789