Bug 5154

Summary: maradns security update
Product: Mageia Reporter: Remco Rijnders <remco>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, derekjenn, sysadmin-bugs, tmb
Version: 1Keywords: Security, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: maradns CVE:
Status comment:

Description Remco Rijnders 2012-03-29 07:25:20 CEST 
Summary / advisory:
===================
A bug was found in the MaraDNS resolver that allows a malicious outsider to prevent cached records from expiring. This bugfix only upgrade provides a fix for this problem (CVE-2012-1570).



Further info:
=============
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1570

Please note that the attack vector is quite small, and it really is only an issue for people using maradns as a publically accessible recursive resolver. In other words: This use case is probably uncommon within the Mageia community.

I am not aware of a publically available exploit to test this with. I suggest that we just check to see if maradns is still able to resolve hostnames properly after installing / upgrading this package.

How to test:
1) Install maradns
2) Put the following in /etc/resolv.conf:    nameserver 127.0.0.1
3) Do internetty stuff, like going to google and have it resolv properly.

Possibly needed steps:
4) You might need to add your localhost to /etc/maradns/mararc.recursive like:
recursive_acl = "192.168.0.0/24, 127.0.0.1"
5) /etc/init.d/maradns restart
Remco Rijnders 2012-03-29 07:26:13 CEST

Keywords: (none) => Security
Status: NEW => ASSIGNED

Comment 1 Dave Hodgins 2012-03-30 02:58:00 CEST 
Testing complete on i586 for the srpm
maradns-1.4.12-1.mga1.src.rpm

Just testing with "dig mageia.org", as the dig output shows
it is getting it's result from the server on 127.0.0.1

CC: (none) => davidwhodgins

Comment 2 Derek Jennings 2012-04-02 23:11:29 CEST 
Testing complete on x86_64 all works as expected.
Update Validated

Advisory
-------
A bug was found in the MaraDNS resolver that allows a malicious outsider to
prevent cached records from expiring. This bugfix only upgrade provides a fix
for this problem (CVE-2012-1570).



Could sysadmin please push maradns-1.4.12-1.mga1.src.rpm from core/updates_testing to core/updates. Thanks

Keywords: (none) => validated_update
CC: (none) => derekjenn, sysadmin-bugs

Comment 3 Thomas Backlund 2012-04-03 05:14:27 CEST 
Update pushed

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED