PT-2010-4024 · Maradns · Maradns
Moritz Muehlenhoff
·
Published
2010-06-25
·
Updated
2010-06-28
·
CVE-2010-2444
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
MaraDNS versions 1.3.03 and prior to 1.4.03
Description
The issue arises from improper handling of hostnames that do not end in a "." (dot) character in the parse/Csv2 parse.c file. This allows remote attackers to cause a denial of service through a NULL pointer dereference by using a crafted csv2 zone file.
Recommendations
For MaraDNS versions 1.3.03 and prior to 1.4.03, update to version 1.4.03 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Maradns