Security Information / 2011 / Security Information -- DSA-2196-1 maradns

Debian Security Advisory

DSA-2196-1 maradns -- buffer overflow

Date Reported:

19 Mar 2011

Affected Packages:

maradns

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 610834.
In Mitre's CVE dictionary: CVE-2011-0520.

More information:

Witold Baryluk discovered that MaraDNS, a simple security-focused Domain Name System server, may overflow an internal buffer when handling requests with a large number of labels, causing a server crash and the consequent denial of service.

For the oldstable distribution (lenny), this problem has been fixed in version 1.3.07.09-2.1.

For the stable distribution (squeeze) and greater this problem had already been fixed in version 1.4.03-1.1.

We recommend that you upgrade your maradns packages.