Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   MaraDNS Vendors:   Trenholme, Sam
MaraDNS Malformed Packet Processing Bug Allows Remote Users to Cause the Server to Stop Responding to DNS Requests
SecurityTracker Alert ID:  1003252
SecurityTracker URL:
CVE Reference:   CVE-2002-2097   (Links to External Site)
Updated:  May 19 2008
Original Entry Date:  Jan 16 2002
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.9.01
Description:   A denial of service vulnerability was reported in the MaraDNS domain name server.

It is reported that a remote user can create a specially crafted, invalid DNS packet to cause the MaraDNS server to stop responding to DNS requests. This may also cause a load increase on the MaraDNS server.

Impact:   A remote user can cause the MaraDNS service to stop responding to DNS requests.
Solution:   The vendor has released a fix (0.9.01), available at:

Vendor URL: (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents

Subject:  MaraDNS bug

  MaraDNS 0.9.01 (Development)
  by Sam Trenholme (
  Thursday, January 10th 2002 22:43

Internet :: Name Service (DNS)

About: MaraDNS is a DNS server that strives to be secure and fully

Changes: This is a security update which fixes a DOS problem that
affects all previous versions of MaraDNS. In addition, the documentation
has been improved.   

License: Public Domain



The vendor reports the following:

An attacker could have formed a special invalid DNS packet (which a
normal DNS resolver/server would never generate) which would have
caused a MaraDNS server to cease responding to DNS requests; and for
MaraDNS to increase the load by one on the server running MaraDNS.

One packet would have caused this to happen.

This attack would not affect any other services (except for increasing
load on the server); nor would the attack have given the attacker any
elevated privledges.

For an attacker to generate this exploit, the attacker would have had to
have had intimate knowledge of DNS packet formation; and would have had
to look at the MaraDNS source code to see how to generate the offending
packet in question.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC