MaraDNS Multiple Remote Denial of Service Vulnerabilities

TITLE: MaraDNS Multiple Remote Denial of Service Vulnerabilities
CLASS: Design Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 06 2007 12:00AM
UPDATE: Jun 19 2007 05:39PM
CREDIT: Rani Assaf and Joćo Antunes discovered these issues.
VULNERABLE:

MaraDNS MaraDNS 1.3.4
MaraDNS MaraDNS 1.2.12 .05
MaraDNS MaraDNS 1.2.12 .04
MaraDNS MaraDNS 1.2.12 .03
NOT VULNERABLE:
MaraDNS MaraDNS 1.3.5
MaraDNS MaraDNS 1.2.12 .06

Vai alla pagina originale su Security Focus

Discussion

MaraDNS is prone to multiple remote denial-of-service vulnerabilities because of memory leaks.

Successfully exploiting these issues allows remote attackers to crash affected servers by exhausting memory resources. This will deny further service to legitimate users.

Versions in the 1.2 and 1.3 series prior to 1.2.12.06 and 1.3.05 are vulnerable to these issues.

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

Solution

Solution:
The vendor has released versions 1.2.12.05 and 1.2.12.06 to address these issues.


MaraDNS MaraDNS 1.2.12 .05


MaraDNS MaraDNS 1.2.12 .03

MaraDNS MaraDNS 1.2.12 .04

MaraDNS MaraDNS 1.3.4

References

References:

PhpLog

BNLug Benevento Linux Users Group