Bug#844121: Remote crash in MaraDNS 2.0.13

2016-12-03 Thread Sam Trenholme
This email concerns CVE-2016-9300, CVE-2016-9301, and CVE-2016-9302. I have written a utility to send the packets that supposedly remotely crash MaraDNS to MaraDNS via UDP. The packets do not crash MaraDNS when sent over the network; I can only crash MaraDNS with the offending packets by using the

Bug#844121: Remote crash in MaraDNS 2.0.13

2016-12-03 Thread Sam Trenholme
GitHub bug: https://github.com/samboy/MaraDNS/issues/33 Please go here to get the latest updates from upstream about this issue. On Sat, Dec 3, 2016 at 5:52 AM, Sam Trenholme wrote: > Hello there, > > I have just become aware of this bug. Right now, I can reproduce the crash > in Cygwin 64-bit,

Bug#844121: Remote crash in MaraDNS 2.0.13

2016-12-03 Thread Sam Trenholme
Hello there, I have just become aware of this bug. Right now, I can reproduce the crash in Cygwin 64-bit, but am unable to reproduce the crash in my 32-bit CentOS6 development environment where I would actually be able to get a full stack trace (which was not provided in the original bug report).

Bug#844121: Remote crash in MaraDNS 2.0.13

2016-11-14 Thread Salvatore Bonaccorso
Control: retitle -1 maradns: CVE-2016-9300 CVE-2016-9301 CVE-2016-9302 Hi, Three CVEs have been assigned in the meantime for the found issues. Cf. http://www.openwall.com/lists/oss-security/2016/11/14/8 Regards, Salvatore

Processed: Re: Bug#844121: Remote crash in MaraDNS 2.0.13

2016-11-14 Thread Debian Bug Tracking System
Processing control commands: > retitle -1 maradns: CVE-2016-9300 CVE-2016-9301 CVE-2016-9302 Bug #844121 [src:maradns] Remote crash in MaraDNS 2.0.13 Changed Bug title to 'maradns: CVE-2016-9300 CVE-2016-9301 CVE-2016-9302' from 'Remote crash in MaraDNS 2.0.13'. -- 844121: http://bugs.debian.or

Bug#844121: Remote crash in MaraDNS 2.0.13

2016-11-12 Thread Luciano Bello
Source: maradns Severity: grave Version: 2.0.13-1.2 Tags: security upstream Hi, The following vulnerability was published for MaraDNS: http://seclists.org/oss-sec/2016/q4/411 No CVE was assigned yet, but the request was made in that thread. If you fix the vulnerability please also make sure