A crash bug has been reported against MaraDNS 1.4.03 when long queries are sent to the resolver. Details can be found at http://bugs.debian.org/610834. As of the time of writing, the reporter is testing other versions and at least 1.4.05 also seems to be affected: http://comments.gmane.org/gmane.comp.security.oss.general/4115
1.4.05 in cvs.
(In reply to comment #0)
> As of the time of writing, the reporter is testing other versions and at least 1.4.05 also seems to be affected.
(In reply to comment #1)
> 1.4.05 in cvs.
Thank you. However, it doesn't seem to fix the vulnerability, based on the above info and upstream's changelog.
According to http://secunia.com/advisories/43027/ maradns-1.4.05 is affected. Moreover, the issue is rated as "highly critical" by Secunia, and it may lead to arbitrary code execution.
It's my mistake. maradns-2.0.01 is also affected.
1.4.06 has been released (http://maradns.org/changelog.html), please bump the ebuild.
1.4.06 in cvs. Removed 2.0.01 and p.mask. Please mark stable =net-dns/maradns-1.4.06
Thank you. Arches, please test and stabilize =net-dns/maradns-1.4.06
ppc stable
x86 stable
amd64 ok
amd64 done. Thanks Agostino
sparc stable
Thanks, everyone. GLSA request filed.
CVE-2011-0520 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0520): The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow.
This issue was resolved and addressed in GLSA 201111-06 at http://security.gentoo.org/glsa/glsa-201111-06.xml by GLSA coordinator Alex Legler (a3li).