Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 204351 (CVE-2008-0061)

Summary: net-dns/maradns < CNAME Remote DoS (CVE-2008-0061)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: matsuu
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-01-04 23:50:25 UTC
CVE-2008-0061 (
  MaraDNS 1.0 before 1.0.41, 1.2 before, and 1.3 before
  allows remote attackers to cause a denial of service via a crafted DNS packet
  that prevents an authoritative name (CNAME) record from resolving, aka
  "improper rotation of resource records."
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-01-04 23:51:40 UTC
Matsuu, please advise.
Comment 2 MATSUU Takuto (RETIRED) gentoo-dev 2008-01-06 03:11:19 UTC and in cvs.

please mark stable
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-01-06 08:49:47 UTC

Arches please test and mark stable. Target keywords are:
maradns-"amd64 ppc sparc x86"
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2008-01-06 18:26:26 UTC
ppc stable
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2008-01-06 18:40:22 UTC
x86 stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2008-01-06 22:09:00 UTC
sparc stable
Comment 7 Peter Weller (RETIRED) gentoo-dev 2008-01-16 16:06:19 UTC
amd64 done.
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-01-16 19:07:13 UTC
This one is ready for GLSA vote. I vote YES.
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2008-01-27 19:19:07 UTC
yes, filed.
Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-01-29 23:07:09 UTC
GLSA 200801-16 sent, thanks everybody