Remote crash in maradns 1.4.03 and 05
Witold Baryluk
baryluk at smp.if.uj.edu.pl
Fri Jan 28 07:32:00 EST 2011
Hi,
i disocvered security problem in maradns 1.4.x, which can lead
to denial of service.
problem is when compressing back answer to the very long AAAA (but still valid) queries.
Problems appear when too much labels overflow labels dictionary in compression
routing, leading to memmory coruption and eventually crash in this or next queries.
Bug comes from the some code errors, especially messed up
and hardcoded indexing/limits/size/malloc/bounds :/
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834
Thanks.
--
Witold Baryluk
More information about the list
mailing list