MaraDNS suffers from an error with the hash generation function which can be exploited to cause a hash collision resulting in high CPU consumption (Denial of Service). This flaw has been corrected in versions 1.3.07.13 and 1.4.09.

References:
http://samiam.org/blog/20111229.html
http://samiam.org/blog/20111230.html

No CVE has been assigned as of yet.
Created maradns tracking bugs for this issue

Affects: fedora-all [bug 771435]
Affects: epel-5 [bug 771436]
This issue was assigned the name CVE-2012-0024.
This fix was provoked by oCERT-2011-003, but was not covered by oCERT-2011-003, hence removing oCERT advisory id from the bug summary.
MITRE has added a few CVEs here, so for completeness I'm noting all three CVEs as described by MITRE:

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-5055 to the following vulnerability:

Name: CVE-2011-5055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5055
Assigned: 20120107
Reference: http://openwall.com/lists/oss-security/2012/01/03/6
Reference: http://openwall.com/lists/oss-security/2012/01/03/13
Reference: http://samiam.org/blog/20111230.html
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=771428

MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024.

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-5056 to the following vulnerability:

Name: CVE-2011-5056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5056
Assigned: 20120107
Reference: http://samiam.org/blog/20111229.html

The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service (CPU consumption) via crafted records in zone files, a different vulnerability than CVE-2012-0024.
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-0024 to the following vulnerability:

Name: CVE-2012-0024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0024
Assigned: 20111207
Reference: http://openwall.com/lists/oss-security/2012/01/03/6
Reference: http://openwall.com/lists/oss-security/2012/01/03/13
Reference: http://samiam.org/blog/20111229.html
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=771428

MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.

NOTE: as we have not shipped any incomplete fixes, the CVE-2011-5055 entry is here for reference; nothing we ship is actually vulnerable to it.
Current Fedora ships with 2.0.07, so it is not vulnerable; however, EPEL5 does still ship with a vulnerable version. The EPEL5 tracker will remain open until it is fixed.