4 matches found
GLSA-201202-03 : MaraDNS: Denial of Service
The remote host is affected by the vulnerability described in GLSA-201202-03 MaraDNS: Denial of Service MaraDNS does not properly randomize hash functions to protect against hash collision attacks. Impact : A remote attacker could send many specially crafted DNS recursive queries, possibly...
CVE-2012-0024
MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted queries with the Recursion Desired RD bit s...
Code injection
MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted queries with the Recursion Desired RD bit set. NOTE:...
CVE-2012-0024
MaraDNS is affected by a hash-collision DoS in versions prior to 1.3.07.12 and 1.4.x before 1.4.08, caused by how hash values are computed for DNS data, enabling remote attackers to trigger high CPU consumption via crafted queries with the RD bit set. Remediation per Gentoo GLSA is to upgrade to ...