diff options
author | miwi <miwi@FreeBSD.org> | 2008-01-11 03:38:12 +0800 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2008-01-11 03:38:12 +0800 |
commit | 6a0a98991b0a6df779660f87208bfe158ad070d4 (patch) | |
tree | 2436a9135e944a1006444d48486db3440b5e1936 /security | |
parent | d06a5c72f529876c1cfaed348f178d42df6d53fd (diff) | |
download | freebsd-ports-gnome-6a0a98991b0a6df779660f87208bfe158ad070d4.tar.gz freebsd-ports-gnome-6a0a98991b0a6df779660f87208bfe158ad070d4.tar.zst freebsd-ports-gnome-6a0a98991b0a6df779660f87208bfe158ad070d4.zip |
- Document maradns -- CNAME record resource rotation denial of service
PR: ports/119471 (based on)
Submitted by: Mark D. Foster <mark@foster.cc>
Reviewed by: simon
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d6cf64f9bd19..d1ab1cfd5ee0 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="f358de71-bf64-11dc-928b-0016179b2dd5"> + <topic>maradns -- CNAME record resource rotation denial of service</topic> + <affects> + <package> + <name>maradns</name> + <range><lt>1.2.12.08</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/28329"> + <p>A vulnerability has been reported in MaraDNS, which can be exploited + by malicious people to cause a Denial of Service.</p> + <p>The vulnerability is caused due to an error within the handling of + certain DNS packets. This can be exploited to cause a resource rotation + by sending specially crafted DNS packets, which cause an authoritative + CNAME record to not resolve, resulting in a Denial of Sevices. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-0061</cvename> + <url>http://maradns.blogspot.com/2007/08/maradns-update-all-versions.html</url> + <url>http://secunia.com/advisories/28329</url> + </references> + <dates> + <discovery>2008-01-04</discovery> + <entry>2008-01-10</entry> + </dates> + </vuln> + <vuln vid="f762ccbb-baed-11dc-a302-000102cc8983"> <topic>linux-realplayer -- multiple vulnerabilities</topic> <affects> |