MaraDNS CVE-2011-0520 vulnerability can not allow remote code execution
Sam Trenholme
strenholme.usenet at gmail.com
Sun Jan 30 02:13:06 EST 2011
The following three websites claim that the vulnerability
CVE-2011-0520 allows remote code execution:
http://www.securityfocus.com/bid/45966/info
http://xforce.iss.net/xforce/xfdb/64885
http://secunia.com/advisories/43027
This is not true. The data placed on the overflowed buffer are not
controlled by a potential attacker; they are merely a series of
increasing integers which will not contain executable code.
Also, I have patched this bug and have released both MaraDNS 1.4.06
and MaraDNS 1.3.07.11 with this patch.
- Sam
More information about the list
mailing list