BID:52558

MaraDNS Cache Update Policy Spoofing Vulnerability

Info

MaraDNS Cache Update Policy Spoofing Vulnerability

Bugtraq ID:	52558
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 19 2012 12:00AM
Updated:	Mar 19 2012 12:00AM
Credit:	Reported by the vendor.
Vulnerable:	MaraDNS MaraDNS 1.4.9 MaraDNS MaraDNS 1.4.6 MaraDNS MaraDNS 1.4.5 MaraDNS MaraDNS 1.3.7 .04 MaraDNS MaraDNS 1.4.03 MaraDNS MaraDNS 1.3.07.13 MaraDNS MaraDNS 1.3.07.11 MaraDNS MaraDNS 1.3.07.10

Not Vulnerable:	MaraDNS MaraDNS 1.4.12 MaraDNS MaraDNS 1.3.07.15

Discussion

MaraDNS Cache Update Policy Spoofing Vulnerability

MaraDNS is prone to a security vulnerability that may allow attackers to conduct spoofing attacks.

This issue can be exploited to keep a domain name resolvable even after deletion from the DNS server. This may aid in phishing attacks.

MaraDNS versions prior to 1.3.07.15 and 1.4.12 are vulnerable.

Exploit / POC

MaraDNS Cache Update Policy Spoofing Vulnerability

Attackers can exploit this issue using readily available tools.

Solution / Fix

MaraDNS Cache Update Policy Spoofing Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

MaraDNS Cache Update Policy Spoofing Vulnerability

References:

MaraDNS changelog (MaraDNS)
MaraDNS Homepage (MaraDNS)