Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request: maradns deleted domain record cache persistance flaw
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 20 Mar 2012 11:02:36 -0600

On 03/19/2012 10:18 PM, Vincent Danen wrote:
I haven't seen a request for this yet:

It was reported that MaraDNS suffers from a flaw where it is susceptible to
spoofing attacks.  Due to an error in the cache update policy, which
does not
properly handle revoked domain names, a remote attacker could keep a domain
name resolvable after it has been deleted from the registration.

This flaw is fixed in versions and 1.4.12, and is reported to
all prior versions.



Please use CVE-2012-1570 for this issue.

Kurt Seifried Red Hat Security Response Team (SRT)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]