MidnightBSD

Advisories for maradns

CVE-2002-2097 MEDIUM

The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
maradns maradns 0.5.30
maradns maradns 0.5.29
maradns maradns 0.5.28
maradns maradns 0.9.00
maradns maradns 0.8.99

CVE-2004-0789 MEDIUM

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
axis 2420_network_camera 2.34
qbik wingate 6.0
delegate delegate 8.3.4
delegate delegate 7.8.0
dnrd dnrd 2.5
qbik wingate 4.0.1
dnrd dnrd 2.0
axis 2100_network_camera 2.12
delegate delegate 8.3.3
axis 2100_network_camera 2.01
axis 2100_network_camera 2.40
axis 2100_network_camera 2.32
posadis posadis 0.50.8
axis 2100_network_camera 2.03
axis 2110_network_camera 2.34
axis 2420_network_camera 2.31
axis 2120_network_camera 2.41
axis 2120_network_camera 2.31
maradns maradns 0.5.31
delegate delegate 8.4.0
delegate delegate 8.5.0
posadis posadis 0.50.5
axis 2420_network_camera 2.32
axis 2110_network_camera 2.40
delegate delegate 7.8.2
axis 2420_network_camera 2.30
axis 2100_network_camera 2.34
maradns maradns 0.5.29
dnrd dnrd 2.10
delegate delegate 8.9.3
axis 2110_network_camera 2.31
dnrd dnrd 2.3
dnrd dnrd 1.1
dnrd dnrd 2.4
dnrd dnrd 2.7
axis 2100_network_camera 2.30
don_moore mydns 0.10.0
delegate delegate 8.9.5
don_moore mydns 0.6
posadis posadis 0.50.4
axis 2100_network_camera 2.31
posadis posadis 0.50.6
pliant pliant_dns_server *
dnrd dnrd 1.2
posadis posadis 0.50.7
axis 2420_network_camera 2.40
maradns maradns 0.5.30
qbik wingate 3.0
dnrd dnrd 2.1
axis 2120_network_camera 2.34
qbik wingate 4.1_beta_a
delegate delegate 7.7.1
don_moore mydns 0.8
qbik wingate 6.0.1_build_993
dnrd dnrd 1.3
dnrd dnrd 1.4
axis 2100_network_camera 2.41
delegate delegate 7.7.0
axis 2110_network_camera 2.12
axis 2100_network_camera 2.0
axis 2420_network_camera 2.33
don_moore mydns 0.7
don_moore mydns 0.9
axis 2420_network_camera 2.12
delegate delegate 7.9.11
axis 2401_video_server 3.12
delegate delegate 7.8.1
posadis posadis m5pre1
posadis posadis m5pre2
qbik wingate 6.0.1_build_995
axis 2120_network_camera 2.40
axis 2400_video_server 3.11
posadis posadis 0.50.9
delegate delegate 8.9.2
axis 2110_network_camera 2.41
axis 2400_video_server 3.12
dnrd dnrd 2.8
delegate delegate 8.9.1
axis 2110_network_camera 2.32
maradns maradns 0.8.05
axis 2100_network_camera 2.33
maradns maradns 0.5.28
axis 2460_network_dvr 3.12
dnrd dnrd 1.0
dnrd dnrd 2.2
delegate delegate 8.9.4
axis 2420_network_camera 2.41
posadis posadis 0.60.0
axis 2120_network_camera 2.30
axis 2120_network_camera 2.12
dnrd dnrd 2.9
axis 2110_network_camera 2.30
posadis posadis 0.60.1
dnrd dnrd 2.6
axis 2120_network_camera 2.32
delegate delegate 8.9
axis 2100_network_camera 2.02
team_johnlong raidendnsd *

CVE-2010-2444 MEDIUM

parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
maradns maradns 1.3.07.01
maradns maradns 1.3.08
maradns maradns 1.3.11
maradns maradns 1.3.10
maradns maradns 1.4.01
maradns maradns 1.3.07.03
maradns maradns 1.3.07.04
maradns maradns 1.3.04
maradns maradns 1.3.03
maradns maradns 1.3.07.02
maradns maradns 1.3.09
maradns maradns 1.3.05
maradns maradns 1.4.02
maradns maradns 1.3.06
maradns maradns 1.3.07.09
maradns maradns 1.3.12
maradns maradns 1.3.13
maradns maradns 1.3.07.06
maradns maradns 1.3.07.08
maradns maradns 1.3.07.07
maradns maradns 1.3.07.05
maradns maradns 1.3.14

CVE-2011-0520 HIGH

The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
maradns maradns 1.4.03
maradns maradns 1.4.05

CVE-2011-5055 MEDIUM

MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
maradns maradns 1.3.07.012
maradns maradns 1.4.08

CVE-2011-5056 LOW

The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service (CPU consumption) via crafted records in zone files, a different vulnerability than CVE-2012-0024.

CVSS 2.0

Severity: LOW

Problem Type: CWE-400

Products Affected

Vendor Product Version
maradns maradns *

CVE-2012-0024 HIGH

MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400

Products Affected

Vendor Product Version
maradns maradns *

CVE-2012-1570 MEDIUM

The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
maradns maradns *

CVE-2022-30256

An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.

Products Affected

Vendor Product Version
maradns maradns *

CVE-2023-31137

MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination. The vulnerability exists in the `decomp_get_rddata` function within the `Decompress.c` file. When handling a DNS packet with an Answer RR of qtype 16 (TXT record) and any qclass, if the `rdlength` is smaller than `rdata`, the result of the line `Decompress.c:886` is a negative number `len = rdlength - total;`. This value is then passed to the `decomp_append_bytes` function without proper validation, causing the program to attempt to allocate a massive chunk of memory that is impossible to allocate. Consequently, the program exits with an error code of 64, causing a Denial of Service. One proposed fix for this vulnerability is to patch `Decompress.c:887` by breaking `if(len <= 0)`, which has been incorporated in version 3.5.0036 via commit bab062bde40b2ae8a91eecd522e84d8b993bab58.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 37
debian debian_linux 10.0
fedoraproject fedora 38
maradns maradns *
debian debian_linux 11.0