Executive Summary
| Summary | |
|---|---|
| Title | New maradns packages fix denial of service |
| Informations | |||
|---|---|---|---|
| Name | DSA-1319 | First vendor Publication | 2007-06-23 |
| Vendor | Debian | Last vendor Modification | 2007-06-23 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several remote vulnerabilities have been discovered in MaraDNS, a simple security-aware Domain Name Service server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3114 It was discovered that malformed DNS requests can trigger memory leaks, allowing denial of service. CVE-2007-3115 It was discovered that malformed DNS requests can trigger memory leaks, allowing denial of service. CVE-2007-3116 It was discovered that malformed DNS requests can trigger memory leaks, allowing denial of service. The oldstable distribution (sarge) is not affected by these problems. For the stable distribution (etch) these problems have been fixed in version 1.2.12.04-1etch1. For the unstable distribution (sid) these problems have been fixed in version 1.2.12.06-1. We recommend that you upgrade your maradns packages. |
Original Source
| Url : http://www.debian.org/security/2007/dsa-1319 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:20489 | |||
| Oval ID: | oval:org.mitre.oval:def:20489 | ||
| Title: | DSA-1319-1 maradns | ||
| Description: | Several remote vulnerabilities have been discovered in MaraDNS, a simple security-aware Domain Name Service server. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1319-1 CVE-2007-3114 CVE-2007-3115 CVE-2007-3116 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | maradns |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 1319-1 (maradns) File : nvt/deb_1319_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 37018 | MaraDNS server/MaraDNS.c Unspecified Remote Memory Exhaustion DoS |
| 37017 | MaraDNS server/MaraDNS.c Crafted Request Remote DoS |
| 37016 | MaraDNS server/MaraDNS.c Unspecified Remote DoS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-04-11 | Name : The DNS server running on the remote host is affected by a denial of service ... File : maradns_1_3_03.nasl - Type : ACT_GATHER_INFO |
| 2014-04-11 | Name : The DNS server running on the remote host is affected by a denial of service ... File : maradns_1_3_05.nasl - Type : ACT_GATHER_INFO |
| 2014-04-11 | Name : The DNS server running on the remote host is affected by a denial of service ... File : maradns_1_3_06.nasl - Type : ACT_GATHER_INFO |
| 2007-06-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1319.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:26:43 |
|
