Bugtraq mailing list archives

MaraDNS denial of service vulnerabilities


From: jantunes () di fc ul pt
Date: 19 Jun 2007 13:00:28 -0000

---------------------------------------
Synopsis
----------------------------------------
Product: MaraDNS (http://www.maradns.org)
Affected versions: 1.2.12.05 (stable) and 1.3.04 (testing) and prior versions
Type: Local resource exhaustion / denial of service
Risk: Remote denial of service
Remote: Yes
Discovered by: Joao Antunes (PREDATOR - vulnerability discovery tool) on 8th May 2007
Exploit: Attackers can exploit this issue via DNS queries for reverse lookups or non-Internet class records.
Solution: Upgrade to 1.2.12.06 (stable) or 1.3.05 (testing)
Status: The developers were contacted and a new patched version was released
References: http://www.maradns.org/changelog.html

----------------------------------------
Vulnerability Description
----------------------------------------
MaraDNS 1.2.12.05 (stable) and 1.3.04 (testing) versions are prone to local resource exhaustion vulnerabilities 
susceptible of causing a denial of service.
DNS requests for reverse lookups (opcode != 0) or non-Internet class records (qclass != 1) queries will cause the 
server to leak approximately 550 bytes of memory.
This can be exploited by a remote attacker to cause MaraDNS to allocate an arbitrary large amount of memory, thus 
provoking a remote denial of service when exhausting all the available memory.


Current thread: