MaraDNS Multiple Remote Denial of Service Vulnerabilities
BID:24337
Info
MaraDNS Multiple Remote Denial of Service Vulnerabilities
| Bugtraq ID: | 24337 |
| Class: | Design Error |
| CVE: |
CVE-2007-3114 CVE-2007-3115 CVE-2007-3116 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 06 2007 12:00AM |
| Updated: | Jun 25 2007 04:18PM |
| Credit: | Rani Assaf and João Antunes discovered these issues. |
| Vulnerable: |
MaraDNS MaraDNS 1.3.4 MaraDNS MaraDNS 1.2.12 .05 MaraDNS MaraDNS 1.2.12 .04 MaraDNS MaraDNS 1.2.12 .03 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha |
| Not Vulnerable: |
MaraDNS MaraDNS 1.3.5 MaraDNS MaraDNS 1.2.12 .06 |
Discussion
MaraDNS Multiple Remote Denial of Service Vulnerabilities
MaraDNS is prone to multiple remote denial-of-service vulnerabilities because of memory leaks.
Successfully exploiting these issues allows remote attackers to crash affected servers by exhausting memory resources. This will deny further service to legitimate users.
Versions in the 1.2 and 1.3 series prior to 1.2.12.06 and 1.3.05 are vulnerable to these issues.
MaraDNS is prone to multiple remote denial-of-service vulnerabilities because of memory leaks.
Successfully exploiting these issues allows remote attackers to crash affected servers by exhausting memory resources. This will deny further service to legitimate users.
Versions in the 1.2 and 1.3 series prior to 1.2.12.06 and 1.3.05 are vulnerable to these issues.
Exploit / POC
MaraDNS Multiple Remote Denial of Service Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
MaraDNS Multiple Remote Denial of Service Vulnerabilities
Solution:
The vendor has released versions 1.2.12.05 and 1.2.12.06 to address these issues.
MaraDNS MaraDNS 1.2.12 .04
MaraDNS MaraDNS 1.2.12 .05
MaraDNS MaraDNS 1.2.12 .03
MaraDNS MaraDNS 1.3.4
Solution:
The vendor has released versions 1.2.12.05 and 1.2.12.06 to address these issues.
MaraDNS MaraDNS 1.2.12 .04
-
MaraDNS maradns-1.2.12.06.tar.gz
http://www.maradns.org/download/1.2/1.2.12.06/maradns-1.2.12.06.tar.gz
MaraDNS MaraDNS 1.2.12 .05
-
MaraDNS maradns-1.2.12.06.tar.gz
http://www.maradns.org/download/1.2/1.2.12.06/maradns-1.2.12.06.tar.gz
MaraDNS MaraDNS 1.2.12 .03
-
MaraDNS maradns-1.2.12.06.tar.gz
http://www.maradns.org/download/1.2/1.2.12.06/maradns-1.2.12.06.tar.gz
MaraDNS MaraDNS 1.3.4
-
MaraDNS maradns-1.3.05.tar.gz
http://www.maradns.org/download/1.3/1.3.05/maradns-1.3.05.tar.gz
References
MaraDNS Multiple Remote Denial of Service Vulnerabilities
References:
References:
- MaraDNS changelog (MaraDNS)
- MaraDNS Homepage (MaraDNS)
- MaraDNS denial of service vulnerabilities ([email protected] )