ID MARADNS_2_0_02.NASL Type nessus Reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. Modified 2021-02-02T00:00:00
Description
According to its self-reported version number, the MaraDNS server
running on the remote host is affected by a heap-based buffer overflow
due to improper sanitization of user-supplied input submitted to the
'compress_add_dlabel_points' function in the 'Compress.c' source file.
This issue could allow a remote attacker to crash the DNS server,
resulting in a denial of service, or possibly to execute code.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
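# Registration block: when `description` is set, the calls below record the
# plugin's metadata and the script stops at exit(0) before any check logic.
if (description)
{
  script_id(73481);
  script_version("1.3");
  script_cvs_date("Date: 2018/07/14 1:59:35");

  # Advisory identifiers this plugin reports against.
  script_cve_id("CVE-2011-0520");
  script_bugtraq_id(45966);

  script_name(english:"MaraDNS < 1.3.07.11 / 1.4.x < 1.4.06 / 2.0.x < 2.0.02 compress_add_dlabel_points Function Buffer Overflow");
  script_summary(english:"Checks version of MaraDNS server");

  # The continuation lines of the multi-line strings stay at column 0 on
  # purpose: leading whitespace would become part of the reported text.
  script_set_attribute(attribute:"synopsis", value:
"The DNS server running on the remote host is affected by a buffer
overflow vulnerability.");
  # The opening quote before compress_add_dlabel_points was missing in the
  # original text and is restored here.
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the MaraDNS server
running on the remote host is affected by a heap-based buffer overflow
due to improperly sanitizing user-supplied input submitted to the
'compress_add_dlabel_points' function in the 'Compress.c' source file.
This issue could allow a remote attacker to crash the DNS server,
resulting in a denial of service or possibly code execution.");
  script_set_attribute(attribute:"see_also", value:"http://samiam.org/blog/20110129.html");
  script_set_attribute(attribute:"see_also", value:"http://samiam.org/blog/20110205.html");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834");
  script_set_attribute(attribute:"see_also", value:"http://maradns.samiam.org/security.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MaraDNS version 1.3.07.11 / 1.4.06 / 2.0.02 or later or
apply the relevant patch.");

  # CVSS v2 base: network vector, low complexity, no authentication,
  # partial impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  # CVSS v2 temporal: exploitability unproven, official fix, report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/11");

  # Flagged as a potential vulnerability: per the description, the result is
  # derived from the self-reported version number.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:maradns:maradns");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"DNS");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  # Depends on maradns_version.nasl, which presumably populates the two
  # maradns/* keys (confirm in that plugin). Settings/ParanoidReport is also
  # required.
  script_dependencies("maradns_version.nasl");
  script_require_keys("maradns/version", "maradns/num_ver", "Settings/ParanoidReport");

  exit(0);
}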
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
# Both version strings come from the knowledge base; get_kb_item_or_exit is
# used so the check does not proceed without them.
version = get_kb_item_or_exit("maradns/version");
num_ver = get_kb_item_or_exit("maradns/num_ver");

# The verdict below rests only on the recorded version strings, so a result
# is produced only when report_paranoia is 2 or higher. A build that carries
# the patch under an older version number would presumably still match.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# NOTE(review): the finding is always attached to 53/udp; the port is a
# constant here rather than a value read from the KB -- confirm this is right
# for servers on a non-default port.
port = 53;
fixed_in = NULL;

# The branch is chosen from `version`, while the comparison itself is made
# on `num_ver`.
if (version =~ "^(0|1\.[0-3]\.)")
{
  # 0.x and 1.0.x - 1.3.x : fixed in 1.3.07.11
  if (ver_compare(ver:num_ver, fix:"1.3.07.11", strict:FALSE) == -1)
    fixed_in = "1.3.07.11";
}
else if (version =~ "^1\.4\.")
{
  # 1.4.x : fixed in 1.4.06
  if (ver_compare(ver:num_ver, fix:"1.4.06", strict:FALSE) == -1)
    fixed_in = "1.4.06";
}
else if (version =~ "^2\.0\.")
{
  # 2.0.x : fixed in 2.0.02 (only the 2.0 branch is matched, not all of 2.x)
  if (ver_compare(ver:num_ver, fix:"2.0.02", strict:FALSE) == -1)
    fixed_in = "2.0.02";
}

# No branch selected a fixed release: the version is either outside the
# matched branches or not below the fix for its branch.
if (isnull(fixed_in))
  audit(AUDIT_LISTEN_NOT_VULN, "MaraDNS", port, version, "UDP");

# Attach the installed/fixed version pair only when verbose reporting is on.
if (report_verbosity > 0)
{
  details =
    '\n Installed version : ' + version +
    '\n Fixed version : ' + fixed_in +
    '\n';
  security_hole(port:port, proto:"udp", extra:details);
}
else
  security_hole(port:port, proto:"udp");
{"id": "MARADNS_2_0_02.NASL", "bulletinFamily": "scanner", "title": "MaraDNS < 1.3.07.11 / 1.4.x < 1.4.06 / 2.0.x < 2.0.02 compress_add_dlabel_points Function Buffer Overflow", "description": "According to its self-reported version number, the MaraDNS server\nrunning on the remote host is affected by a heap-based buffer overflow\ndue to improperly sanitizing user-supplied input submitted to the\ncompress_add_dlabel_points' function in the 'Compress.c' source file.\nThis issue could allow a remote attacker to crash the DNS server,\nresulting in a denial of service or possibly code execution.", "published": "2014-04-11T00:00:00", "modified": "2021-02-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/73481", "reporter": "This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.", "references": ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834", "http://maradns.samiam.org/security.html", "http://samiam.org/blog/20110205.html", "http://samiam.org/blog/20110129.html"], "cvelist": ["CVE-2011-0520"], "type": "nessus", "lastseen": "2021-02-01T04:03:48", "edition": 25, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-0520"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231068957", "OPENVAS:68957", "OPENVAS:69332", "OPENVAS:136141256231070795", "OPENVAS:70795", "OPENVAS:136141256231069332"]}, {"type": "gentoo", "idList": ["GLSA-201111-06"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12056"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2196-1:DD532"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201111-06.NASL", "FREEBSD_PKG_8015600F2C8011E09CC100163E5BF4F9.NASL", "DEBIAN_DSA-2196.NASL"]}, {"type": "freebsd", "idList": ["8015600F-2C80-11E0-9CC1-00163E5BF4F9"]}], "modified": "2021-02-01T04:03:48", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-02-01T04:03:48", "rev": 2}, "vulnersScore": 
7.1}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73481);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2011-0520\");\n script_bugtraq_id(45966);\n\n script_name(english:\"MaraDNS < 1.3.07.11 / 1.4.x < 1.4.06 / 2.0.x < 2.0.02 compress_add_dlabel_points Function Buffer Overflow\");\n script_summary(english:\"Checks version of MaraDNS server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The DNS server running on the remote host is affected by a buffer\noverflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the MaraDNS server\nrunning on the remote host is affected by a heap-based buffer overflow\ndue to improperly sanitizing user-supplied input submitted to the\ncompress_add_dlabel_points' function in the 'Compress.c' source file.\nThis issue could allow a remote attacker to crash the DNS server,\nresulting in a denial of service or possibly code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20110129.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20110205.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834\");\n script_set_attribute(attribute:\"see_also\", value:\"http://maradns.samiam.org/security.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MaraDNS version 1.3.07.11 / 1.4.06 / 2.0.02 or later or\napply the relevant patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/11\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:maradns:maradns\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"maradns_version.nasl\");\n script_require_keys(\"maradns/version\", \"maradns/num_ver\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"maradns/version\");\nnum_ver = get_kb_item_or_exit(\"maradns/num_ver\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = 53;\nfix = NULL;\n\n# < 1.3.07.11\nif (version =~ \"^(0|1\\.[0-3]\\.)\" && ver_compare(ver:num_ver, fix:\"1.3.07.11\", strict:FALSE) == -1)\n fix = \"1.3.07.11\";\n\n# 1.4.x < 1.4.06\nelse if (version =~ \"^1\\.4\\.\" && ver_compare(ver:num_ver, fix:\"1.4.06\", strict:FALSE) == -1)\n fix = \"1.4.06\";\n\n# 2.x < 2.0.02\nelse if (version =~ \"^2\\.0\\.\" && ver_compare(ver:num_ver, fix:\"2.0.02\", strict:FALSE) == -1)\n fix = \"2.0.02\";\n\nelse\n audit(AUDIT_LISTEN_NOT_VULN, \"MaraDNS\", port, version, \"UDP\");\n\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port, proto:\"udp\", extra:report);\n}\nelse security_hole(port:port, proto:\"udp\");\n", "naslFamily": "DNS", "pluginID": "73481", "cpe": ["cpe:/a:maradns:maradns"], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:50:58", "description": "The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow.", "edition": 4, "cvss3": {}, "published": "2011-01-28T16:00:00", "title": "CVE-2011-0520", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0520"], "modified": "2017-08-17T01:33:00", "cpe": ["cpe:/a:maradns:maradns:1.4.05", "cpe:/a:maradns:maradns:1.4.03"], "id": "CVE-2011-0520", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0520", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:maradns:maradns:1.4.03:*:*:*:*:*:*:*", "cpe:2.3:a:maradns:maradns:1.4.05:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:55:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0520"], "description": "The remote host is missing an update to maradns\nannounced via advisory DSA 2196-1.", "modified": "2017-07-07T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:69332", "href": "http://plugins.openvas.org/nasl.php?oid=69332", "type": "openvas", "title": "Debian Security Advisory DSA 2196-1 (maradns)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2196_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated 
from advisory DSA 2196-1 (maradns)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Witold Baryluk discovered that MaraDNS, a simple security-focused\nDomain Name Service server, may overflow an internal buffer when\nhandling requests with a large number of labels, causing a server\ncrash and the consequent denial of service.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.07.09-2.1.\n\nFor the stable distribution (squeeze) and greater this problem had\nalready been fixed in version 1.4.03-1.1.\n\nWe recommend that you upgrade your maradns packages.\";\ntag_summary = \"The remote host is missing an update to maradns\nannounced via advisory DSA 2196-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202196-1\";\n\n\nif(description)\n{\n script_id(69332);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n 
script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0520\");\n script_name(\"Debian Security Advisory DSA 2196-1 (maradns)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"maradns\", ver:\"1.3.07.09-2.1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"maradns\", ver:\"1.4.03-1.1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0520"], "description": "The remote host is missing an update to maradns\nannounced via advisory DSA 2196-1.", "modified": "2019-03-18T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:136141256231069332", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069332", "type": "openvas", "title": "Debian Security Advisory DSA 2196-1 (maradns)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2196_1.nasl 14275 
2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2196-1 (maradns)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69332\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0520\");\n script_name(\"Debian Security Advisory DSA 2196-1 (maradns)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202196-1\");\n script_tag(name:\"insight\", value:\"Witold Baryluk discovered that MaraDNS, a simple security-focused\nDomain Name Service server, may overflow an internal buffer when\nhandling requests with a large number of labels, causing a server\ncrash and the consequent denial of service.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.07.09-2.1.\n\nFor the stable distribution (squeeze) and greater this problem had\nalready been fixed in version 1.4.03-1.1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your maradns packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to maradns\nannounced via advisory DSA 2196-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"maradns\", ver:\"1.3.07.09-2.1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"maradns\", ver:\"1.4.03-1.1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0520"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201111-06.", "modified": "2018-10-12T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070795", "href": 
"http://plugins.openvas.org/nasl.php?oid=136141256231070795", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201111-06 (MaraDNS)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201111_06.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70795\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0520\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:41 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201111-06 (MaraDNS)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"A buffer overflow vulnerability in MaraDNS allows remote attackers\n to execute arbitrary code or cause a Denial of Service.\");\n script_tag(name:\"solution\", value:\"All MaraDNS users should upgrade to the latest stable version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-dns/maradns-1.4.06'\n\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since February 12, 2011. 
It is likely that your system is\n already no longer affected by this issue.\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201111-06\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=352569\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201111-06.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-dns/maradns\", unaffected: make_list(\"ge 1.4.06\"), vulnerable: make_list(\"lt 1.4.06\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0520"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201111-06.", "modified": "2017-07-07T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:70795", "href": "http://plugins.openvas.org/nasl.php?oid=70795", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201111-06 (MaraDNS)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A buffer overflow vulnerability in MaraDNS allows remote attackers\n to execute arbitrary code or cause a Denial of Service.\";\ntag_solution = \"All MaraDNS users should upgrade to the latest stable version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-dns/maradns-1.4.06'\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since February 12, 2011. 
It is likely that your system is\n already no longer affected by this issue.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201111-06\nhttp://bugs.gentoo.org/show_bug.cgi?id=352569\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201111-06.\";\n\n \n \nif(description)\n{\n script_id(70795);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0520\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:41 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201111-06 (MaraDNS)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-dns/maradns\", unaffected: make_list(\"ge 1.4.06\"), vulnerable: make_list(\"lt 1.4.06\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0520"], "description": 
"The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-25T00:00:00", "published": "2011-03-05T00:00:00", "id": "OPENVAS:68957", "href": "http://plugins.openvas.org/nasl.php?oid=68957", "type": "openvas", "title": "FreeBSD Ports: maradns", "sourceData": "#\n#VID 8015600f-2c80-11e0-9cc1-00163e5bf4f9\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 8015600f-2c80-11e0-9cc1-00163e5bf4f9\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: maradns\n\nCVE-2011-0520\nThe compress_add_dlabel_points function in dns/Compress.c in MaraDNS\n1.4.03, 1.4.05, and probably other versions allows remote attackers to\ncause a denial of service (segmentation fault) and possibly execute\narbitrary code via a long DNS hostname with a large number of labels,\nwhich triggers a heap-based buffer overflow.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834\nhttp://www.vuxml.org/freebsd/8015600f-2c80-11e0-9cc1-00163e5bf4f9.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(68957);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-05 22:25:39 +0100 (Sat, 05 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0520\");\n script_bugtraq_id(45966);\n script_name(\"FreeBSD Ports: maradns\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"maradns\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.06\")<0) {\n txt += 'Package maradns version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0520"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2011-03-05T00:00:00", "id": "OPENVAS:136141256231068957", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068957", "type": "openvas", "title": "FreeBSD Ports: maradns", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_maradns0.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 8015600f-2c80-11e0-9cc1-00163e5bf4f9\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68957\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-05 22:25:39 +0100 (Sat, 05 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0520\");\n script_bugtraq_id(45966);\n script_name(\"FreeBSD Ports: maradns\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: maradns\n\nCVE-2011-0520\nThe compress_add_dlabel_points function in dns/Compress.c in MaraDNS\n1.4.03, 1.4.05, and probably other versions allows remote attackers to\ncause a denial of service (segmentation fault) and possibly execute\narbitrary code via a long DNS hostname with a large number of labels,\nwhich triggers a heap-based buffer overflow.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/8015600f-2c80-11e0-9cc1-00163e5bf4f9.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"maradns\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.06\")<0) {\n txt += 'Package maradns version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:58", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0520"], "description": "### Background\n\nMaraDNS is a proxy DNS server with permanent caching.\n\n### Description\n\nA long DNS hostname with a large number of labels could trigger a buffer overflow in the 
compress_add_dlabel_points() function of dns/Compress.c. \n\n### Impact\n\nA remote unauthenticated attacker could execute arbitrary code or cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MaraDNS users should upgrade to the latest stable version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-dns/maradns-1.4.06\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since February 12, 2011. It is likely that your system is already no longer affected by this issue.", "edition": 1, "modified": "2011-11-20T00:00:00", "published": "2011-11-20T00:00:00", "id": "GLSA-201111-06", "href": "https://security.gentoo.org/glsa/201111-06", "type": "gentoo", "title": "MaraDNS: Arbitrary code execution", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T10:53:03", "description": "The remote host is affected by the vulnerability described in GLSA-201111-06\n(MaraDNS: Arbitrary code execution)\n\n A long DNS hostname with a large number of labels could trigger a buffer\n overflow in the compress_add_dlabel_points() function of dns/Compress.c.\n \nImpact :\n\n A remote unauthenticated attacker could execute arbitrary code or cause\n a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2011-11-22T00:00:00", "title": "GLSA-201111-06 : MaraDNS: Arbitrary code execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0520"], "modified": "2011-11-22T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:maradns", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201111-06.NASL", "href": "https://www.tenable.com/plugins/nessus/56902", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security 
Advisory GLSA 201111-06.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56902);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0520\");\n script_bugtraq_id(45966);\n script_xref(name:\"GLSA\", value:\"201111-06\");\n\n script_name(english:\"GLSA-201111-06 : MaraDNS: Arbitrary code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201111-06\n(MaraDNS: Arbitrary code execution)\n\n A long DNS hostname with a large number of labels could trigger a buffer\n overflow in the compress_add_dlabel_points() function of dns/Compress.c.\n \nImpact :\n\n A remote unauthenticated attacker could execute arbitrary code or cause\n a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201111-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MaraDNS users should upgrade to the latest stable version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-dns/maradns-1.4.06'\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since February 12, 2011. 
It is likely that your system is\n already no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:maradns\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-dns/maradns\", unaffected:make_list(\"ge 1.4.06\"), vulnerable:make_list(\"lt 1.4.06\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MaraDNS\");\n}\n", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:46:31", "description": "MaraDNS developer Sam Trenholme reports :\n\n... a mistake in allocating an array of integers, allocating it in\nbytes instead of sizeof(int) units. This resulted in a buffer being\ntoo small, allowing it to be overwritten. The impact of this\nprogramming error is that MaraDNS can be crashed by sending MaraDNS a\nsingle 'packet of death'. Since the data placed in the overwritten\narray cannot be remotely controlled (it is a list of increasing\nintegers), there is no way to increase privileges exploiting this bug.", "edition": 26, "published": "2011-02-01T00:00:00", "title": "FreeBSD : maradns -- denial of service when resolving a long DNS hostname (8015600f-2c80-11e0-9cc1-00163e5bf4f9)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0520"], "modified": "2011-02-01T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:maradns"], "id": "FREEBSD_PKG_8015600F2C8011E09CC100163E5BF4F9.NASL", "href": "https://www.tenable.com/plugins/nessus/51832", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51832);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0520\");\n script_bugtraq_id(45966);\n\n script_name(english:\"FreeBSD : maradns -- denial of service when resolving a long DNS hostname (8015600f-2c80-11e0-9cc1-00163e5bf4f9)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MaraDNS developer Sam Trenholme reports :\n\n... a mistake in allocating an array of integers, allocating it in\nbytes instead of sizeof(int) units. 
This resulted in a buffer being\ntoo small, allowing it to be overwritten. The impact of this\nprogramming error is that MaraDNS can be crashed by sending MaraDNS a\nsingle 'packet of death'. Since the data placed in the overwritten\narray cannot be remotely controlled (it is a list of increasing\nintegers), there is no way to increase privileges exploiting this bug.\"\n );\n # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834\"\n );\n # https://vuxml.freebsd.org/freebsd/8015600f-2c80-11e0-9cc1-00163e5bf4f9.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa8493f1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:maradns\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"maradns<1.4.06\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:46:26", "description": "Witold Baryluk discovered that MaraDNS, a simple security-focused\nDomain Name System server, may overflow an internal buffer when\nhandling requests with a large number of labels, causing a server\ncrash and the consequent denial of service.", "edition": 16, "published": "2011-03-21T00:00:00", "title": "Debian DSA-2196-1 : maradns - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0520"], "modified": "2011-03-21T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:maradns", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2196.NASL", "href": "https://www.tenable.com/plugins/nessus/52720", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2196. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52720);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0520\");\n script_bugtraq_id(45966);\n script_xref(name:\"DSA\", value:\"2196\");\n\n script_name(english:\"Debian DSA-2196-1 : maradns - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Witold Baryluk discovered that MaraDNS, a simple security-focused\nDomain Name System server, may overflow an internal buffer when\nhandling requests with a large number of labels, causing a server\ncrash and the consequent denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/maradns\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2196\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the maradns packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.07.09-2.1.\n\nFor the stable distribution (squeeze) and greater this problem had\nalready been fixed in version 1.4.03-1.1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:maradns\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"maradns\", reference:\"1.3.07.09-2.1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"maradns\", reference:\"1.4.03-1.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:01", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0520"], "description": "\nMaraDNS developer Sam Trenholme reports:\n\n... a mistake in allocating an array of integers, allocating it\n\t in bytes instead of sizeof(int) units. 
This resulted in a buffer\n\t being too small, allowing it to be overwritten. The impact of this\n\t programming error is that MaraDNS can be crashed by sending\n\t MaraDNS a single \"packet of death\". Since the data placed in the\n\t overwritten array cannot be remotely controlled (it is a list of\n\t increasing integers), there is no way to increase privileges\n\t exploiting this bug.\n\n", "edition": 5, "modified": "2011-01-23T00:00:00", "published": "2011-01-23T00:00:00", "id": "8015600F-2C80-11E0-9CC1-00163E5BF4F9", "href": "https://vuxml.freebsd.org/freebsd/8015600f-2c80-11e0-9cc1-00163e5bf4f9.html", "title": "maradns -- denial of service when resolving a long DNS hostname", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:45", "bulletinFamily": "software", "cvelist": ["CVE-2011-0520"], "description": "Buffer overflow on request parsing.", "edition": 1, "modified": "2011-11-27T00:00:00", "published": "2011-11-27T00:00:00", "id": "SECURITYVULNS:VULN:12056", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12056", "title": "MaraDNS buffer overflow", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-08-12T00:52:09", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0520"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2196-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nMarch 19, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : maradns\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0520\nDebian Bug : 610834\n\nWitold Baryluk discovered that MaraDNS, a simple security-focused\nDomain Name Service server, may overflow an internal buffer 
when\nhandling requests with a large number of labels, causing a server\ncrash and the consequent denial of service.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.07.09-2.1.\n\nFor the stable distribution (squeeze) and greater this problem had\nalready been fixed in version 1.4.03-1.1.\n\nWe recommend that you upgrade your maradns packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 6, "modified": "2011-03-20T00:09:11", "published": "2011-03-20T00:09:11", "id": "DEBIAN:DSA-2196-1:DD532", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00064.html", "title": "[SECURITY] [DSA 2196-1] maradns security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}