CVE-2012-0024
Priority
Medium
Description
MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for
DNS data without restricting the ability to trigger hash collisions
predictably, which allows remote attackers to cause a denial of service
(CPU consumption) by sending many crafted queries with the Recursion
Desired (RD) bit set.
DNS data without restricting the ability to trigger hash collisions
predictably, which allows remote attackers to cause a denial of service
(CPU consumption) by sending many crafted queries with the Recursion
Desired (RD) bit set.
References
Package
| Upstream: | released (1.4.08) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needed |
| Ubuntu 11.10 (Oneiric Ocelot): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (2.0.04+really1.4.09-1) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (2.0.04+really1.4.09-1) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (2.0.04+really1.4.09-1) |
| Ubuntu 13.10 (Saucy Salamander): | not-affected (2.0.04+really1.4.09-1) |
Patches:
| Upstream: | http://maradns.org/download/patches/maradns-1.3-better_hash.patch |