MaraDNS Cache Update Policy Can Be Bypassed to Allow Revoked Domain Names to Remain Resolvable
|
|
SecurityTracker Alert ID: 1026821 |
|
SecurityTracker URL: http://securitytracker.com/id/1026821
|
|
CVE Reference:
CVE-2012-1570
(Links to External Site)
|
Updated: Mar 20 2012
|
Original Entry Date: Mar 19 2012
|
Impact:
Modification of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 1.3.07.15 and 1.4.12
|
Description:
A vulnerability was reported in MaraDNS. A remote user can cause revoked domain names to remain resolvable.
A remote user can exploit a flaw in the DNS cache update policy to cause a revoked domain name to remain as resolvable after the domain name has been deleted from the domain registry and after the associated TTL has expired.
The original advisory was presented at NDSS 2012 ("Ghost Domain Names: Revoked Yet Still Resolvable").
Jian Jiang, Jinjin Liang, Kang Li, Jun Li, Haixin Duan, and Jianping Wu reported this vulnerability.
|
Impact:
A remote user can cause revoked domain names to remain resolvable.
|
Solution:
The vendor has issued a fix (1.3.07.15, 1.4.12).
|
Vendor URL: www.maradns.org/ (Links to External Site)
|
Cause:
State error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 19 Mar 2012 21:10:15 +0000
Subject: MaraDNS
|
Maximum TTL now one day to eliminate ghost domain-style attacks.
|
|
