Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 18 Mar 2011 12:11:15 -0600
From: Vincent Danen <>
Subject: Re: MaraDNS 1.4.06 and released

* [2011-01-29 22:21:08 -0700] Sam Trenholme wrote:

>In 2002, when I rewrote the compression code for MaraDNS for the first
>time, I made a mistake in allocating an array of integers, allocating
>it in bytes instead of sizeof(int) units.  The resulted in a buffer
>being too small, allowing it to be overwritten.
>The impact of this programming error is that MaraDNS can be crashed by
>sending MaraDNS a single "packet of death".  Since the data placed in
>the overwritten array can not be remotely controlled (it is a list of
>increasing integers), there is no way to increase privileges
>exploiting this bug.
>The attached patch resolves this issue by allocating in sizeof(int)
>units instead of byte-sized units for an integer array.  In addition,
>it uses a smaller array because a DNS name can only have, at most, 128

Was a CVE name ever assigned to this issue?

Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.