CVE-2011-5055

Sažetak

MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024.

Reference

http://openwall.com/lists/oss-security/2012/01/03/13
http://openwall.com/lists/oss-security/2012/01/03/6
http://samiam.org/blog/20111230.html
https://bugzilla.redhat.com/show_bug.cgi?id=771428

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

09-01-2012 - 18:30

Objavljeno

08-01-2012 - 00:55