Main Vulnerability Database Vulnerabilities #VU44412

Input validation error in MaraDNS - CVE-2012-0024

Published: January 8, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU44412

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-0024

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Sam Trenholme

Affected software:
MaraDNS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.

How to mitigate CVE-2012-0024

Install update from vendor's website.

Sources

http://openwall.com/lists/oss-security/2012/01/03/13
http://openwall.com/lists/oss-security/2012/01/03/6
http://samiam.org/blog/20111229.html
https://bugzilla.redhat.com/show_bug.cgi?id=771428

Input validation error in MaraDNS - CVE-2012-0024

Detailed vulnerability description

How to mitigate CVE-2012-0024

Sources

Please verify you're human