[UNIX] MaraDNS Denial of Service Vulnerabilities

From: SecuriTeam <support@xxxxxxxxxxxxxx>
Date: 21 Jun 2007 20:06:55 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

MaraDNS Denial of Service Vulnerabilities
------------------------------------------------------------------------

SUMMARY

<http://www.maradns.org> MaraDNS is "a package that implements the Domain
Name Service (DNS), an essential internet service". Two denial of service
vulnerabilities have been found in MaraDNS, one is related to recursive
requests, while the other is related to the use of non-Internet class
records.

DETAILS

Vulnerable Systems:
* MaraDNS version 1.2.12.05
* MaraDNS version 1.3.04

Immune Systems:
* MaraDNS version 1.2.12.06
* MaraDNS version 1.3.05

MaraDNS are prone to local resource exhaustion vulnerabilities susceptible
of causing a denial of service. DNS requests for reverse lookups (opcode
!= 0) or non-Internet class records (qclass != 1) queries will cause the
server to leak approximately 550 bytes of memory. This can be exploited by
a remote attacker to cause MaraDNS to allocate an arbitrary large amount
of memory, thus provoking a remote denial of service when exhausting all
the available memory.

ADDITIONAL INFORMATION

The information has been provided by <mailto:jantunes@xxxxxxxxxxx> Joao
Antunes.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Prev by Date: [TOOL] Pixy - An Open-Source Vulnerability Scanner for PHP Applications
Next by Date: [NEWS] Ingres Database Multiple Heap Corruption Vulnerabilities
Previous by thread: [TOOL] Pixy - An Open-Source Vulnerability Scanner for PHP Applications
Next by thread: [NEWS] Ingres Database Multiple Heap Corruption Vulnerabilities
Index(es):
- Date
- Thread

Relevant Pages

[NEWS] WebMod Multiple Vulnerabilities
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... WebMod Multiple Vulnerabilities ... which acts as a web server for Half-Life running on the equivalent TCP ... The functions in parser.cpp are affected by some memory corruption ...
(Securiteam)
[NT] CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow ... Remote exploitation of multiple buffer overflow vulnerabilities in ... rxsGetSubDirs, rxsGetServerDBPathName, rxsSetServerOptions, rxsDeleteFile, ...
(Securiteam)
[NT] Defeating Microsoft Windows XP SP2 Heap Protection and DEP Bypass
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... and bypassing DEP (Data Execution Prevention). ... Buffer overrun attacks are among the most common mechanisms, or vectors, ... a long string to an input stream or control longer than the memory ...
(Securiteam)
[NT] Novell eDirectory Multiple Vulnerabilities
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Novell eDirectory Multiple Vulnerabilities ... Three different vulnerabilities were discovered in Novell's eDirectory ... NCP over IP length Heap Overflow: ...
(Securiteam)
[NEWS] Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities ...
(Securiteam)