[Secure-testing-team] Bug#665012: CVE-2012-1570: maradns deleted domain record cache persistance flaw
Giuseppe Iuculano
iuculano at debian.org
Thu Mar 22 10:28:18 UTC 2012
Package: maradns
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
It was reported that MaraDNS suffers from a flaw where it is susceptible to
spoofing attacks. Due to an error in the cache update policy, which
does not properly handle revoked domain names, a remote attacker could keep a
domain name resolvable after it has been deleted from the registration.
This flaw is fixed in versions 1.3.0.7.15 and 1.4.12, and is reported to
affect all prior versions.
References:
http://www.maradns.org/changelog.html
https://secunia.com/advisories/48492/
https://bugzilla.redhat.com/show_bug.cgi?id=804770
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk9q/sIACgkQNxpp46476arqDQCfSFeWlawN7py9L5lKIE+xR1ix
ATIAn0DxeHe7ugtuET2C9uHbJcAkIwkz
=Pu/Y
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list