Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-0520

The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow.

Related bugs and status

CVE-2011-0520 (Candidate) is related to these bugs:

Bug #711315: Sync maradns 1.4.03-1.1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	711315	Sync maradns 1.4.03-1.1 (universe) from Debian unstable (main)		maradns (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2011012...
MLIST: [oss-security] 2011012...
CONFIRM: http://bugs.debian.org...
BID: 45966
OSVDB: 70630
SECUNIA: 43027
DEBIAN: DSA-2196
SECUNIA: 43107
VUPEN: ADV-2011-0699
XF: maradns-compressadddla...