Bug 4118

Summary: [Update Request] Update maradns to fix CVE-2012-0024 and CVE-2011-5055
Product: Mageia Reporter: Funda Wang <fundawang>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, geiger.david68210, remco, sysadmin-bugs, tmb
Version: 1Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5055
Whiteboard:
Source RPM: maradns-1.4.09-1.mga1 CVE:
Status comment:

Description Funda Wang 2012-01-13 10:34:36 CET 
Following security problem has been found in maradns package shipped in Mageia 1 :

* CVE-2011-5055: MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024.

The updated package has been updated to latest version of 1.4.x series, to fix this issue, plus some other bug fixes.
Comment 1 Dave Hodgins 2012-01-13 19:17:07 CET 
Testing on i586 complete for the srpm
maradns-1.4.09-1.mga1.src.rpm

After installing, I had to edit /etc/maradns/mararc.recursive and set
recursive_acl = "192.168.1.0/16, 127.0.0.1/8"

Then, after "service maradns start"
"dig @127.0.0.1 www.yahoo.com" returned the ip, with a second run
returning the value from the cache.

CC: (none) => davidwhodgins

Comment 2 Remco Rijnders 2012-01-15 04:18:21 CET 
Hi Funda,

Thanks for uploading this fix, and thanks QA for testing it. Unfortunately, just moments later there was a message on the maradns list saying that 1.4.09 did not properly fix this issue. See http://woodlane.webconquest.com/pipermail/list/2012-January/001048.html for that.

I'll submit a fix for this today unless Funda beats me to it :-)

CC: (none) => remco

Comment 3 Funda Wang 2012-01-15 12:36:54 CET 
I will not beat you, but still faster than you :p
Comment 4 David GEIGER 2012-01-15 18:11:11 CET 
Testing complete for the srpm maradns-1.4.10-1.mga1.src.rpm on Mageia release 1 (Official) for x86_64.

So here the result (for maradns-using a publically accessible ip
address) after :

# service powerdns stop
# service maradns start

# dig @127.0.0.1 www.yahoo.com

; <<>> DiG 9.8.1-P1 <<>> @127.0.0.1 www.yahoo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60710
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.yahoo.com.                 IN      A

;; ANSWER SECTION:
www.yahoo.com.          300     IN      CNAME   fp3.wg1.b.yahoo.com.
fp3.wg1.b.yahoo.com.    300     IN      A       87.248.122.122

;; Query time: 771 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 15 18:05:52 2012
;; MSG SIZE  rcvd: 71

CC: (none) => geiger.david68210

Comment 5 Dave Hodgins 2012-01-15 19:46:51 CET 
Testing complete on i586 for maradns.

Could someone from the sysadmin team push the srpm
maradns-1.4.10-1.mga1.src.rpm
from Core Updates Testing to Core Updates.

Advisory:  This security update for maradns corrects CVE-2011-5055.
MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data
without properly restricting the ability to trigger hash collisions
predictably, which allows remote attackers to cause a denial of service (CPU
consumption) by sending many crafted queries with the Recursion Desired (RD)
bit set. NOTE: this issue exists because of an incomplete fix for
CVE-2012-0024.

The updated package has been updated to latest version of 1.4.x series, to fix
this issue, plus some other bug fixes.

https://bugs.mageia.org/show_bug.cgi?id=4118

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 6 Thomas Backlund 2012-01-15 22:14:29 CET 
update pushed

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED