Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5055

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-5055
Last Modified 09 Jan 2012 01:30:15
Published 07 Jan 2012 07:55:03
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-5055

Summary

MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024.

Vulnerable Systems

Application

  • Maradns 1.3.07.012

  • Maradns 1.4.08


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=771428

CONFIRM - http://samiam.org/blog/20111230.html

MLIST - [oss-security] 20120103 CVE request: maradns hash table collision cpu dos

MLIST - [oss-security] 20120103 Re: CVE request: maradns hash table collision cpu dos


Last Updated: 27 May 2016 10:57:18