Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17296
HistoryJun 19, 2007 - 12:00 a.m.

MaraDNS denial of service vulnerabilities

2007-06-1900:00:00
vulners.com
9
JSON

Synopsis

Product: MaraDNS (http://www.maradns.org)
Affected versions: 1.2.12.05 (stable) and 1.3.04 (testing) and prior versions
Type: Local resource exhaustion / denial of service
Risk: Remote denial of service
Remote: Yes
Discovered by: Joao Antunes (PREDATOR - vulnerability discovery tool) on 8th May 2007
Exploit: Attackers can exploit this issue via DNS queries for reverse lookups or non-Internet class records.
Solution: Upgrade to 1.2.12.06 (stable) or 1.3.05 (testing)
Status: The developers were contacted and a new patched version was released
References: http://www.maradns.org/changelog.html

Vulnerability Description

MaraDNS 1.2.12.05 (stable) and 1.3.04 (testing) versions are prone to local resource exhaustion vulnerabilities susceptible of causing a denial of service.
DNS requests for reverse lookups (opcode != 0) or non-Internet class records (qclass != 1) queries will cause the server to leak approximately 550 bytes of memory.
This can be exploited by a remote attacker to cause MaraDNS to allocate an arbitrary large amount of memory, thus provoking a remote denial of service when exhausting all the available memory.

JSON