| Summary: | <net-dns/maradns-1.4.06: heap-based buffer overflow (CVE-2011-0520) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | matsuu |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834 | | |
| Whiteboard: | B1 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Paweł Hajdan, Jr. (RETIRED)
2011-01-24 07:13:46 UTC
1.4.05 in cvs.

(In reply to comment #0)
> As of the time of writing, the reporter is testing other versions and at least 1.4.05 also seems to be affected.

(In reply to comment #1)
> 1.4.05 in cvs.

Thank you. However, it doesn't seem to fix the vulnerability, based on the above info and upstream's changelog.

According to http://secunia.com/advisories/43027/ maradns-1.4.05 is affected. Moreover, the issue is rated as "highly critical" by Secunia, and it may lead to arbitrary code execution.

It's my mistake. maradns-2.0.01 is also affected.

1.4.06 has been released (http://maradns.org/changelog.html), please bump the ebuild.

1.4.06 in cvs. Removed 2.0.01 and p.mask. Please mark stable =net-dns/maradns-1.4.06

Thank you. Arches, please test and stabilize =net-dns/maradns-1.4.06

ppc stable

x86 stable

amd64 ok

amd64 done. Thanks Agostino

sparc stable

Thanks, everyone. GLSA request filed.

CVE-2011-0520 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0520): The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow.

This issue was resolved and addressed in GLSA 201111-06 at http://security.gentoo.org/glsa/glsa-201111-06.xml by GLSA coordinator Alex Legler (a3li).
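The CVE text above names the trigger as a hostname with a large number of labels. As an added illustration (not MaraDNS code and not the upstream fix), the sketch below shows the kind of bound a name-processing routine needs before it records per-label offsets: RFC 1035 caps a name at 255 octets and a label at 63, so at most 127 labels fit. The function names and the constructed test names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DNS_MAX_NAME   255  /* RFC 1035: whole name, length octets included */
#define DNS_MAX_LABEL  63   /* RFC 1035: a single label */
#define DNS_MAX_LABELS 127  /* (255 - 1 root octet) / 2 octets per shortest label */

/* Walk an uncompressed wire-format name, recording each label's offset.
 * Returns the label count, or -1 if the name is malformed, truncated,
 * over 255 octets, or has more labels than the offset table holds. */
int dns_label_offsets(const uint8_t *name, size_t len,
                      uint16_t *offsets, size_t max_offsets)
{
    size_t pos = 0, count = 0;
    if (len == 0) return -1;
    for (;;) {
        uint8_t l = name[pos];               /* pos < len holds here */
        if (l == 0) return (int)count;       /* root label ends the name */
        if (l > DNS_MAX_LABEL) return -1;    /* pointers/reserved bits rejected */
        size_t next = pos + 1 + l;
        if (next >= len || next >= DNS_MAX_NAME) return -1;
        if (count >= max_offsets) return -1; /* never write past the table */
        offsets[count++] = (uint16_t)pos;
        pos = next;
    }
}

/* Constructed input: nlabels labels of label_len 'a' octets plus the root. */
int check_constructed(size_t nlabels, uint8_t label_len, size_t table_size)
{
    uint8_t buf[1024];
    uint16_t offsets[DNS_MAX_LABELS];
    size_t pos = 0;
    if (table_size > DNS_MAX_LABELS) return -1;
    for (size_t i = 0; i < nlabels; i++) {
        if (pos + 2 + label_len > sizeof buf) return -1;
        buf[pos++] = label_len;
        memset(buf + pos, 'a', label_len);
        pos += label_len;
    }
    buf[pos++] = 0;
    return dns_label_offsets(buf, pos, offsets, table_size);
}

int main(void)
{
    printf("127 x 1-octet labels: %d\n", check_constructed(127, 1, DNS_MAX_LABELS));
    printf("128 x 1-octet labels: %d\n", check_constructed(128, 1, DNS_MAX_LABELS));
    return 0;
}
```

The two independent checks matter: the 255-octet limit bounds the label count for well-sized tables, and the `max_offsets` check still holds if a caller passes a smaller table.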