GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sun Nov 20, 2011 6:26 pm Post subject: [ GLSA 201111-06 ] MaraDNS: Arbitrary code execution |
 |
|
Gentoo Linux Security Advisory
Title: MaraDNS: Arbitrary code execution (GLSA 201111-06)
Severity: high
Exploitable: remote
Date: November 20, 2011
Bug(s): #352569
ID: 201111-06
Synopsis
A buffer overflow vulnerability in MaraDNS allows remote attackers
to execute arbitrary code or cause a Denial of Service.
Background
MaraDNS is a proxy DNS server with permanent caching.
Affected Packages
Package: net-dns/maradns
Vulnerable: < 1.4.06
Unaffected: >= 1.4.06
Architectures: All supported architectures
Description
A long DNS hostname with a large number of labels could trigger a buffer
overflow in the compress_add_dlabel_points() function of dns/Compress.c.
Impact
A remote unauthenticated attacker could execute arbitrary code or cause
a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All MaraDNS users should upgrade to the latest stable version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/maradns-1.4.06"
|
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since February 12, 2011. It is likely that your system is
already no longer affected by this issue.
References
CVE-2011-0520
Last edited by GLSA on Tue May 20, 2014 4:30 am; edited 2 times in total |
|
News & Announcements
