oss-sec mailing list archives
CVE request: maradns deleted domain record cache persistance flaw
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 19 Mar 2012 22:18:08 -0600
I haven't seen a request for this yet: It was reported that MaraDNS suffers from a flaw where it is susceptible to spoofing attacks. Due to an error in the cache update policy, which does not properly handle revoked domain names, a remote attacker could keep a domain name resolvable after it has been deleted from the registration. This flaw is fixed in versions 1.3.0.7.15 and 1.4.12, and is reported to affect all prior versions. References: http://www.maradns.org/changelog.html https://secunia.com/advisories/48492/ https://bugzilla.redhat.com/show_bug.cgi?id=804770 --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: maradns deleted domain record cache persistance flaw Vincent Danen (Mar 19)
- Re: CVE request: maradns deleted domain record cache persistance flaw Kurt Seifried (Mar 20)