Remote crash in maradns 1.4.03 and 05
Sam Trenholme
strenholme.usenet at gmail.com
Fri Jan 28 10:30:38 EST 2011
Real quickly:
Deadwood uses a completely different rewritten DNS
compression/decompression routine which doesn't have this bug; the
code in question was written in 2002 (and was in turn a complete
rewrite of the compression code that caused CVE-2002-2097; I've done
the DNS compression code three times).
I will look at this bug over the weekend.
- Sam
2011/1/28 Witold Baryluk <baryluk at smp.if.uj.edu.pl>:
> Hi,
>
> i disocvered security problem in maradns 1.4.x, which can lead
> to denial of service.
>
> problem is when compressing back answer to the very long AAAA (but still valid) queries.
> Problems appear when too much labels overflow labels dictionary in compression
> routing, leading to memmory coruption and eventually crash in this or next queries.
>
> Bug comes from the some code errors, especially messed up
> and hardcoded indexing/limits/size/malloc/bounds :/
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834
>
> Thanks.
>
> --
> Witold Baryluk
>
More information about the list
mailing list