DNS4Me Multiple Vulnerabilities
Vendor: RhinoSoft
Product: DNS4Me
Version: <= 3.0.0.4
Website: http://www.dns4me.com/
BID: 11213
CVE: CVE-2004-1690 CVE-2004-1691
OSVDB: 10038 10039
SECUNIA: 12595
Description:
DNS4Me is the dynamic DNS service that you need to start hosting your own Internet services. When you have a dynamic IP address, you need something to associate a static domain name with it to make it easier for visitors to access the services you provide. With DNS4Me, you can take control of your Web site by running your own HTTP server. Without a hosting company, you've eliminated the cost of hosting as well as a layer of contact between you and your Web site. This gives you unparalleled control overits configuration, content, and delivery. But the benefits of dynamic DNS aren't just for HTTP servers. Any service that can make use of a domain name can benefit from DNS4Me. This includes FTP servers, e-mail servers, daemons for today's popular computer games, NetMeeting… With the reliability and excellent support you've come to expect of RhinoSoft.com backing up DNS4Me, you'll get a powerful, no hassle dynamic DNS solution.


Cross Site Scripting:
It is possible for an attacker to render malicious code in a victims browser by sending them a url to request a document on the server(s), which contains A malformed query string.

http://127.0.0.1/?%3E%3Cscript%3Ealert('XSS')%3C/script%3E

Any code in the query string will be executed and cause cross site scripting.


Denial Of Service:
RhinoSoft.com DNS4Me Web Server is vulnerable to Denial Of Service attacks. If a malicious user sends a large amount of data to port 80, or the port that the DNS4Me Web Server is running on, it will send the CPU usage to 99% and eventually crash the affected server.


Solution:
The developers were contacted last month about these issues. They said they needed a month to resolve them. It has been one month so users should check their website for an update. Also, the RhinoSoft HTTP server may be included in other RhinoSoft apps as well. Not sure of this, but something for other researchers to look out for.


Credits:
James Bercegay of the GulfTech Security Research Team.