Tuesday, February 2, 2010

MaraDNS 1.4.03 and 1.3.07.10 released

I have released MaraDNS 1.4.03 and 1.3.07.10 today. This fixes a minor security issue.

There was a bug introduced in MaraDNS 1.3.03 (January 2007): Hostnames that incorrectly not end with a dot result in a string being deallocated then used.

MaraDNS 1.2 does not have this issue.

This issue can not be exploited from zones loaded using DNS's zone transfer mechanism; fetchzone filters data obtained this way. This issue can only be exploited in the unusual case of an attacker having control of the contents of a csv2 zone file to be parsed by MaraDNS.

This issue, on Linux systems, results in a null pointer dereference that terminates that MaraDNS process.

Impact: Denial of service

This issue is now fixed in MaraDNS 1.4.03 and 1.3.07.10, released February 2, 2010. I have already talked with the relevant people at Debian, who feel this bug is not serious enough to warrant a new stable release of MaraDNS in the Debian repositories.

The updated files can be downloaded here:

http://www.maradns.org/download.html

Next: Upload MaraDNS 1.4.03 to Sourceforge (Update: Done)

Note also that MaraDNS 1.4.03 documents the reject_aaaa/ptr parameters, as posted to the blog yesterday.