Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: maradns deleted domain record cache persistance flaw
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 19 Mar 2012 22:18:08 -0600

I haven't seen a request for this yet:

It was reported that MaraDNS suffers from a flaw where it is susceptible to
spoofing attacks.  Due to an error in the cache update policy, which does not
properly handle revoked domain names, a remote attacker could keep a domain
name resolvable after it has been deleted from the registration.

This flaw is fixed in versions 1.3.0.7.15 and 1.4.12, and is reported to affect
all prior versions.

References:

http://www.maradns.org/changelog.html
https://secunia.com/advisories/48492/
https://bugzilla.redhat.com/show_bug.cgi?id=804770

--
Vincent Danen / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]