aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authormiwi <miwi@FreeBSD.org>2008-01-11 03:38:12 +0800
committermiwi <miwi@FreeBSD.org>2008-01-11 03:38:12 +0800
commit6a0a98991b0a6df779660f87208bfe158ad070d4 (patch)
tree2436a9135e944a1006444d48486db3440b5e1936 /security
parentd06a5c72f529876c1cfaed348f178d42df6d53fd (diff)
downloadfreebsd-ports-gnome-6a0a98991b0a6df779660f87208bfe158ad070d4.tar.gz
freebsd-ports-gnome-6a0a98991b0a6df779660f87208bfe158ad070d4.tar.zst
freebsd-ports-gnome-6a0a98991b0a6df779660f87208bfe158ad070d4.zip
- Document maradns -- CNAME record resource rotation denial of service
PR: ports/119471 (based on) Submitted by: Mark D. Foster <mark@foster.cc> Reviewed by: simon
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml33
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index d6cf64f9bd19..d1ab1cfd5ee0 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="f358de71-bf64-11dc-928b-0016179b2dd5">
+ <topic>maradns -- CNAME record resource rotation denial of service</topic>
+ <affects>
+ <package>
+ <name>maradns</name>
+ <range><lt>1.2.12.08</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/28329">
+ <p>A vulnerability has been reported in MaraDNS, which can be exploited
+ by malicious people to cause a Denial of Service.</p>
+ <p>The vulnerability is caused due to an error within the handling of
+ certain DNS packets. This can be exploited to cause a resource rotation
+ by sending specially crafted DNS packets, which cause an authoritative
+ CNAME record to not resolve, resulting in a Denial of Sevices.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-0061</cvename>
+ <url>http://maradns.blogspot.com/2007/08/maradns-update-all-versions.html</url>
+ <url>http://secunia.com/advisories/28329</url>
+ </references>
+ <dates>
+ <discovery>2008-01-04</discovery>
+ <entry>2008-01-10</entry>
+ </dates>
+ </vuln>
+
<vuln vid="f762ccbb-baed-11dc-a302-000102cc8983">
<topic>linux-realplayer -- multiple vulnerabilities</topic>
<affects>