Red Hat Bugzilla – Bug 804770
CVE-2012-1570 maradns: deleted domain record cache persistance flaw
Last modified: 2013-08-02 12:24:02 EDT
It was reported , that MaraDNS suffers from a flaw where it is susceptible to spoofing attacks. Due to an error in the cache update policy, which does not properly handle revoked domain names, a remote attacker could keep a domain name resolvable after it has been deleted from the registration.
This flaw is fixed in versions 188.8.131.52.15 and 1.4.12, and is reported to affect all prior versions.
Created maradns tracking bugs for this issue
Affects: fedora-all [bug 804776]
Affects: epel-5 [bug 804777]
Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/20/10
Current Fedora versions of MaraDNS are not affected by this, however EPEL5 is still vulnerable. Keeping the EPEL5 tracker and closing this one.