Red Hat Bugzilla – Bug 608733
CVE-2010-2444 MaraDNS: DoS (NULL pointer dereference) via specially-crafted csv2 zone file
Last modified: 2016-03-04 06:49:49 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2444 to
the following vulnerability:
parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before
1.4.03, does not properly handle hostnames that do not end in a "."
(dot) character, which allows remote attackers to cause a denial of
service (NULL pointer dereference) via a crafted csv2 zone file.
This issue is resolved in Fedora, however EPEL5 is still vulnerable. The tracking bug for EPEL5 will remain open, but this bug can be closed.