Detections
Analytics

Debian DSA-1319-1 : maradns - memory leaks

high Nessus Plugin ID 25585

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in MaraDNS, a simple security-aware Domain Name Service server. The Common Vulnerabilities and Exposures project identifies the following problems :

 - CVE-2007-3114 It was discovered that malformed DNS requests can trigger memory leaks, allowing denial of service.

 - CVE-2007-3115 It was discovered that malformed DNS requests can trigger memory leaks, allowing denial of service.

 - CVE-2007-3116 It was discovered that malformed DNS requests can trigger memory leaks, allowing denial of service.

The oldstable distribution (sarge) is not affected by these problems.

Solution

Upgrade the maradns packages.

For the stable distribution (etch) these problems have been fixed in version 1.2.12.04-1etch1.

See Also

https://security-tracker.debian.org/tracker/CVE-2007-3114

https://security-tracker.debian.org/tracker/CVE-2007-3115

https://security-tracker.debian.org/tracker/CVE-2007-3116

https://www.debian.org/security/2007/dsa-1319

Plugin Details

Severity: High

ID: 25585

File Name: debian_DSA-1319.nasl

Version: 1.17

Type: local

Agent: unix

Published: 6/27/2007

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:maradns, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 6/23/2007

Reference Information

CVE: CVE-2007-3114, CVE-2007-3115, CVE-2007-3116

CWE: 399

DSA: 1319