Date: Tue, 18 Feb 2014 18:59:33 +0100
From: Martin Prpic <>
Subject: CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings

Hi, can a CVE be assigned to the following issue?

It was reported that MaraDNS's recursive resolver, Deadwood, suffers
from a flaw where string bounds checking was not done correctly under
certain circumstances. As a result, it was possible for a remote
attacker to send Deadwood a "packet of death", which would cause
Deadwood to crash. Upstream notes that it currently appears that this
attack can only be exploited by an IP address with permission to
perform recursive queries against Deadwood.

It looks like these are the appropriate patches in git:


Martin Prpič / Red Hat Security Response Team
