Package: maradns
Version: 1.4.03-1
Severity: important
Tags: security

This bug can lead to DoS.


The DNS name

w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.pl

is a valid name, which even resolves to an IPv4 address.

I have maradns on localhost, and maradns appears to answer,
but immediately segfaults.

# /etc/init.d/maradns start
Starting maradns: maradns.

# ps aux | grep mara
maradns   1472  0.0  0.0   1972   760 pts/2    S    04:33   0:00 /usr/sbin/maradns -f /etc/maradns/mararc
root      1473  0.0  0.0   3164   596 pts/2    S    04:33   0:00 logger -p daemon.notice -t maradns.etc_maradns_mararc

# host
w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.pl
127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.pl
has address 195.114.173.133
;; connection timed out; no servers could be reached
# ps aux | grep mara
baryluk   1353  2.6  2.0 125420 43120 pts/7    Sl+  04:32   0:06 /usr/bin/python /usr/bin/reportbug maradns
#


Actually, the given example isn't the biggest allowed.
Adding an additional "w." component gives a very strange error.


# host
w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.pl
127.0.0.1
;; Warning: Message parser reports malformed message packet.
;; Warning: Message parser reports malformed message packet.
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

Host
w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.w.pl
not found: 2(SERVFAIL)
#

There is a chance that the last problem is a problem in the host utility,
but I do not think so, as it performs strict
length checks (it even reports that a name is not legal if any component is
longer than 63, or the whole name is longer than 254 characters).
To be sure what the limits are, check the DNS RFCs.

PS. I also tested deadwood, and it also behaves in a very strange way.
It does not segfault, but times out. I increased the timeouts in the nslookup utility,
and still got no answer from deadwood. I guess the recursion level is too big.
Please check it also.


-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=pl_PL.utf8, LC_CTYPE=pl_PL.utf8 (charmap=UTF-8) (ignored: LC_ALL set to pl_PL.utf8)
Shell: /bin/sh linked to /bin/dash

Versions of packages maradns depends on:
ii  adduser                       3.112+nmu2 add and remove users and groups
ii  libc6                         2.11.2-9   Embedded GNU C Library: Shared lib

maradns recommends no packages.

maradns suggests no packages.

-- Configuration Files:
/etc/init.d/maradns changed [not included]
/etc/maradns/mararc changed [not included]

-- no debconf information
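
The length limits the report refers to are set in RFC 1035, section 2.3.4: at most 63 octets per label and at most 255 octets for the whole name in wire format (length octets and the root label included). The bounds-checked encoder below is an added example, not MaraDNS code and not part of the original report; all function names and the constructed "w. ... .pl" input are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#define DNS_MAX_LABEL 63   /* RFC 1035 section 2.3.4: octets per label */
#define DNS_MAX_NAME  255  /* octets per name in wire format, root included */

/* Bounds-checked dotted-name to wire-format encoder; returns octets written or -1. */
int dns_encode_name(const char *name, unsigned char *out, size_t outlen)
{
    size_t pos = 0;
    const char *p = name;
    if (name == NULL || out == NULL) return -1;
    if (strcmp(name, ".") == 0) p = "";            /* bare root name */
    while (*p != '\0') {
        const char *dot = strchr(p, '.');
        size_t len = dot ? (size_t)(dot - p) : strlen(p);
        if (len == 0 || len > DNS_MAX_LABEL) return -1;  /* empty or oversized label */
        size_t need = pos + 1 + len + 1;  /* length octet + label + root still to come */
        if (need > DNS_MAX_NAME || need > outlen) return -1;
        out[pos++] = (unsigned char)len;
        memcpy(out + pos, p, len);
        pos += len;
        p += len;
        if (*p == '.') p++;                        /* one trailing dot is allowed */
    }
    if (pos + 1 > outlen) return -1;
    out[pos++] = 0;                                /* root label terminates the name */
    return (int)pos;
}

/* Wire length of a name, or -1 if the encoder rejects it. */
int dns_name_wire_len(const char *name)
{
    unsigned char wire[DNS_MAX_NAME];
    return dns_encode_name(name, wire, sizeof wire);
}

/* Constructed input: `labels` labels of `label_len` 'w' characters, then "pl". */
int constructed_wire_len(int labels, int label_len)
{
    char name[1024];
    size_t off = 0;
    if (labels < 0 || label_len < 1 || (long)labels * (label_len + 1) > 1000) return -1;
    for (int i = 0; i < labels; i++, off += (size_t)label_len + 1) {
        memset(name + off, 'w', (size_t)label_len);
        name[off + label_len] = '.';
    }
    memcpy(name + off, "pl", 3);                   /* copies the terminating NUL too */
    return dns_name_wire_len(name);
}
```

With the constructed input, 125 one-letter labels plus "pl" encode to 254 octets and are accepted, while 126 such labels would need 256 octets and are rejected before anything is written past the limit.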