#VU44412 Input validation error in MaraDNS - CVE-2012-0024

Cybersecurity Help s.r.o.

Published: 2012-01-08 | Updated: 2020-08-11

Vulnerability identifier: #VU44412

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-0024

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MaraDNS
Server applications / DNS servers

Vendor: Sam Trenholme

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.

Mitigation
Install update from vendor's website.

Vulnerable software versions

MaraDNS: 0.0.01 - 1.4.07

External links
https://openwall.com/lists/oss-security/2012/01/03/13
https://openwall.com/lists/oss-security/2012/01/03/6
https://samiam.org/blog/20111229.html
https://bugzilla.redhat.com/show_bug.cgi?id=771428

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for MaraDNS

Input validation error in MaraDNS