Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 204351 (CVE-2008-0061) - net-dns/maradns < 1.2.12.09 CNAME Remote DoS (CVE-2008-0061)
Summary: net-dns/maradns < 1.2.12.09 CNAME Remote DoS (CVE-2008-0061)
Status: RESOLVED FIXED
Alias: CVE-2008-0061
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://maradns.blogspot.com/2007/08/m...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-01-04 23:50 UTC by Robert Buchholz (RETIRED)
Modified: 2008-01-29 23:07 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-01-04 23:50:25 UTC
CVE-2008-0061 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0061):
  MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04
  allows remote attackers to cause a denial of service via a crafted DNS packet
  that prevents an authoritative name (CNAME) record from resolving, aka
  "improper rotation of resource records."
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-01-04 23:51:40 UTC
Matsuu, please advise.
Comment 2 MATSUU Takuto (RETIRED) gentoo-dev 2008-01-06 03:11:19 UTC
1.2.12.09 and 1.3.07.08 in cvs.

please mark stable 1.2.12.09
Comment 3 Sune Kloppenborg Jeppesen gentoo-dev 2008-01-06 08:49:47 UTC
Thx MATSUU.

Arches please test and mark stable. Target keywords are:
maradns-1.2.12.09.ebuild:KEYWORDS="amd64 ppc sparc x86"
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2008-01-06 18:26:26 UTC
ppc stable
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2008-01-06 18:40:22 UTC
x86 stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2008-01-06 22:09:00 UTC
sparc stable
Comment 7 Peter Weller (RETIRED) gentoo-dev 2008-01-16 16:06:19 UTC
amd64 done.
Comment 8 Sune Kloppenborg Jeppesen gentoo-dev 2008-01-16 19:07:13 UTC
This one is ready for GLSA vote. I vote YES.
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2008-01-27 19:19:07 UTC
yes, filed.
Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-01-29 23:07:09 UTC
GLSA 200801-16 sent, thanks everybody