FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  368362
Date:      2014-09-17
Time:      11:04:33Z
Committer: kwm

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f358de71-bf64-11dc-928b-0016179b2dd5maradns -- CNAME record resource rotation denial of service

Secunia reports:

A vulnerability has been reported in MaraDNS, which can be exploited by malicious people to cause a Denial of Service.

The vulnerability is caused due to an error within the handling of certain DNS packets. This can be exploited to cause a resource rotation by sending specially crafted DNS packets, which cause an authoritative CNAME record to not resolve, resulting in a Denial of Sevices.


Discovery 2008-01-04
Entry 2008-01-10
maradns
lt 1.2.12.08

CVE-2008-0061
http://maradns.blogspot.com/2007/08/maradns-update-all-versions.html
http://secunia.com/advisories/28329
f358de71-bf64-11dc-928b-0016179b2dd5maradns -- CNAME record resource rotation denial of service

Secunia reports:

A vulnerability has been reported in MaraDNS, which can be exploited by malicious people to cause a Denial of Service.

The vulnerability is caused due to an error within the handling of certain DNS packets. This can be exploited to cause a resource rotation by sending specially crafted DNS packets, which cause an authoritative CNAME record to not resolve, resulting in a Denial of Sevices.


Discovery 2008-01-04
Entry 2008-01-10
maradns
lt 1.2.12.08

CVE-2008-0061
http://maradns.blogspot.com/2007/08/maradns-update-all-versions.html
http://secunia.com/advisories/28329
8015600f-2c80-11e0-9cc1-00163e5bf4f9maradns -- denial of service when resolving a long DNS hostname

MaraDNS developer Sam Trenholme reports:

... a mistake in allocating an array of integers, allocating it in bytes instead of sizeof(int) units. This resulted in a buffer being too small, allowing it to be overwritten. The impact of this programming error is that MaraDNS can be crashed by sending MaraDNS a single "packet of death". Since the data placed in the overwritten array can not be remotely controlled (it is a list of increasing integers), there is no way to increase privileges exploiting this bug.


Discovery 2011-01-23
Entry 2011-01-31
maradns
lt 1.4.06

45966
CVE-2011-0520
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834
8015600f-2c80-11e0-9cc1-00163e5bf4f9maradns -- denial of service when resolving a long DNS hostname

MaraDNS developer Sam Trenholme reports:

... a mistake in allocating an array of integers, allocating it in bytes instead of sizeof(int) units. This resulted in a buffer being too small, allowing it to be overwritten. The impact of this programming error is that MaraDNS can be crashed by sending MaraDNS a single "packet of death". Since the data placed in the overwritten array can not be remotely controlled (it is a list of increasing integers), there is no way to increase privileges exploiting this bug.


Discovery 2011-01-23
Entry 2011-01-31
maradns
lt 1.4.06

45966
CVE-2011-0520
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834