FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

maradns -- CNAME record resource rotation denial of service

Affected packages
maradns < 1.2.12.08

Details

VuXML ID f358de71-bf64-11dc-928b-0016179b2dd5
Discovery 2008-01-04
Entry 2008-01-10

Secunia reports:

A vulnerability has been reported in MaraDNS, which can be exploited by malicious people to cause a Denial of Service.

The vulnerability is caused due to an error within the handling of certain DNS packets. This can be exploited to cause a resource rotation by sending specially crafted DNS packets, which cause an authoritative CNAME record to not resolve, resulting in a Denial of Sevices.

References

CVE Name CVE-2008-0061
URL http://maradns.blogspot.com/2007/08/maradns-update-all-versions.html
URL http://secunia.com/advisories/28329