
Bug 352569 (CVE-2011-0520)

Summary: <net-dns/maradns-1.4.06: heap-based buffer overflow (CVE-2011-0520)
Product: Gentoo Security
Reporter: Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: matsuu
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834
Whiteboard: B1 [glsa]

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-24 07:13:46 UTC
A crash bug has been reported against MaraDNS 1.4.03 when long queries are 
sent to the resolver. Details can be found at:
http://bugs.debian.org/610834

As of the time of writing, the reporter is testing other versions and at least 
1.4.05 also seems to be affected.

http://comments.gmane.org/gmane.comp.security.oss.general/4115
Comment 1 MATSUU Takuto (RETIRED) gentoo-dev 2011-01-24 13:24:41 UTC
1.4.05 in cvs.
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-24 14:43:41 UTC
(In reply to comment #0)
> As of the time of writing, the reporter is testing other versions and at least 
> 1.4.05 also seems to be affected.

(In reply to comment #1)
> 1.4.05 in cvs.

Thank you. However, it doesn't seem to fix the vulnerability, based on the above info and upstream's changelog.
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-25 07:08:16 UTC
According to http://secunia.com/advisories/43027/ maradns-1.4.05 is affected. Moreover, the issue is rated as "highly critical" by Secunia, and it may lead to arbitrary code execution.
Comment 4 MATSUU Takuto (RETIRED) gentoo-dev 2011-01-25 07:36:30 UTC
It's my mistake.

maradns-2.0.01 is also affected.
Comment 5 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-30 12:17:31 UTC
1.4.06 has been released (http://maradns.org/changelog.html), please bump the ebuild.
Comment 6 MATSUU Takuto (RETIRED) gentoo-dev 2011-01-30 14:34:54 UTC
1.4.06 in cvs.
removed 2.0.01 and p.mask.
please mark stable =net-dns/maradns-1.4.06
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-30 15:03:13 UTC
Thank you. Arches, please test and stabilize =net-dns/maradns-1.4.06
Comment 8 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-01-30 16:35:08 UTC
ppc stable
Comment 9 Christian Faulhammer (RETIRED) gentoo-dev 2011-01-30 17:41:33 UTC
x86 stable
Comment 10 Agostino Sarubbo gentoo-dev 2011-01-31 12:05:55 UTC
amd64 ok
Comment 11 Markos Chandras (RETIRED) gentoo-dev 2011-02-10 22:19:24 UTC
amd64 done. Thanks Agostino
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2011-02-12 17:54:10 UTC
sparc stable
Comment 13 Tim Sammut (RETIRED) gentoo-dev 2011-02-12 18:16:56 UTC
Thanks, everyone. GLSA request filed.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 00:30:43 UTC
CVE-2011-0520 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0520):
  The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03,
  1.4.05, and probably other versions allows remote attackers to cause a
  denial of service (segmentation fault) and possibly execute arbitrary code
  via a long DNS hostname with a large number of labels, which triggers a
  heap-based buffer overflow.
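
An added illustration of the bug class the CVE text describes, not MaraDNS's code and not part of this bug report: a bounds-checked walk that records label offsets for a wire-format DNS name, the bookkeeping a name compressor needs. The names `label_table`, `record_labels` and `build_name` are hypothetical, the limits are those of RFC 1035, and the sample names are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_NAME_LEN  255  /* RFC 1035: octets in a wire-format name */
#define MAX_LABEL_LEN 63   /* RFC 1035: octets in one label */
#define MAX_LABELS    127  /* most 2-octet labels that fit in 255 octets */
/* Hypothetical table of label start offsets, of the kind a compressor keeps. */
struct label_table { uint16_t offset[MAX_LABELS]; size_t count; };

/* Record the offset of every label in an uncompressed wire-format name.
 * Returns the label count, or -1 if the name is malformed or over the limits. */
int record_labels(const uint8_t *name, size_t len, struct label_table *t)
{
    size_t pos = 0;
    t->count = 0;
    while (pos < len) {
        size_t l = name[pos];
        if (l == 0) return (int)t->count;      /* root label ends the name */
        if (l > MAX_LABEL_LEN) return -1;      /* also rejects 0xC0 pointers */
        if (pos + 1 + l >= len) return -1;     /* label or root byte missing */
        if (pos + 1 + l + 1 > MAX_NAME_LEN) return -1;  /* name too long */
        if (t->count >= MAX_LABELS) return -1; /* table bound, checked on its own */
        t->offset[t->count++] = (uint16_t)pos;
        pos += 1 + l;
    }
    return -1;                                 /* no terminating root label */
}

/* Constructed sample input: n one-octet labels ("a.a.a. ...") plus the root. */
size_t build_name(uint8_t *buf, size_t cap, size_t n)
{
    size_t pos = 0;
    for (size_t i = 0; i < n && pos + 3 <= cap; i++) {
        buf[pos++] = 1; buf[pos++] = 'a';
    }
    buf[pos++] = 0;
    return pos;
}

int main(void)
{
    uint8_t buf[600]; struct label_table t;
    size_t counts[] = { 3, 127, 128, 200 };
    for (size_t i = 0; i < 4; i++) {
        size_t len = build_name(buf, sizeof buf, counts[i]);
        printf("%zu labels, %zu octets -> %d\n", counts[i], len, record_labels(buf, len, &t));
    }
    return 0;
}
```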
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2011-11-20 18:16:45 UTC
This issue was resolved and addressed in
 GLSA 201111-06 at http://security.gentoo.org/glsa/glsa-201111-06.xml
by GLSA coordinator Alex Legler (a3li).