Package: maradns Version: 1.2.12.04-1etch1 Severity: normal >From MaraDNS website: MaraDNS would leak about 300 bytes whenever a specially crafted DNS packet (either one with a non-0 Opcode, or a non-1 Class) was sent to the server. This leak would have allowed an attacker to cause MaraDNS to allocate an arbitrary large amount of memory by sending a very large number of invalid DNS packers (sic) to the server running MaraDNS. This affected the 1.2 and 1.3 branches of MaraDNS, and was fixed in MaraDNS 1.2.12.06 and the 1.3.05 releases of MaraDNS.
Impact: Remote denial of service. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (600, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-2-k7 Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) Versions of packages maradns depends on: ii adduser 3.102 Add and remove users and groups ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries maradns recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
