Joined: 12 May 2004
|Posted: Sun Nov 20, 2011 6:26 pm Post subject: [ GLSA 201111-06 ] MaraDNS: Arbitrary code execution
|Gentoo Linux Security Advisory
Title: MaraDNS: Arbitrary code execution (GLSA 201111-06)
Date: November 20, 2011
A buffer overflow vulnerability in MaraDNS allows remote attackers
to execute arbitrary code or cause a Denial of Service.
MaraDNS is a proxy DNS server with permanent caching.
Vulnerable: < 1.4.06
Unaffected: >= 1.4.06
Architectures: All supported architectures
A long DNS hostname with a large number of labels could trigger a buffer
overflow in the compress_add_dlabel_points() function of dns/Compress.c.
A remote unauthenticated attacker could execute arbitrary code or cause
a Denial of Service.
There is no known workaround at this time.
All MaraDNS users should upgrade to the latest stable version:
NOTE: This is a legacy GLSA. Updates for all affected architectures are
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/maradns-1.4.06"
available since February 12, 2011. It is likely that your system is
already no longer affected by this issue.
Last edited by GLSA on Tue May 20, 2014 4:30 am; edited 2 times in total