CVE-2010-2444

Priority
Medium
Description
parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03,
does not properly handle hostnames that do not end in a "." (dot)
character, which allows remote attackers to cause a denial of service (NULL
pointer dereference) via a crafted csv2 zone file.
References
Bugs
Package
Upstream:released (1.4.03)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.4.03-1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (1.4.03-1)
Ubuntu 13.04 (Raring Ringtail):not-affected (1.4.03-1)
Ubuntu 13.10 (Saucy Salamander):not-affected (1.4.03-1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.4.03-1)
Patches:
Upstream:http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
More Information

Valid XHTML 1.0 Strict

Updated: 2013-12-20 21:16:10 UTC (commit 7585)