CVE-2010-2444

parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone file.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://maradns.org/download/maradns-1.4.02-parse_segfault.patch	Patch
http://www.openwall.com/lists/oss-security/2010/06/09/4	Patch
http://www.openwall.com/lists/oss-security/2010/06/24/5

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:maradns:maradns:1.3.03:::::::*
	cpe:2.3:a:maradns:maradns:1.3.04:::::::*
	cpe:2.3:a:maradns:maradns:1.3.05:::::::*
	cpe:2.3:a:maradns:maradns:1.3.06:::::::*
	cpe:2.3:a:maradns:maradns:1.3.07.01:::::::*
	cpe:2.3:a:maradns:maradns:1.3.07.02:::::::*
	cpe:2.3:a:maradns:maradns:1.3.07.03:::::::*
	cpe:2.3:a:maradns:maradns:1.3.07.04:::::::*
	cpe:2.3:a:maradns:maradns:1.3.07.05:::::::*
	cpe:2.3:a:maradns:maradns:1.3.07.06:::::::*
	cpe:2.3:a:maradns:maradns:1.3.07.07:::::::*
	cpe:2.3:a:maradns:maradns:1.3.07.08:::::::*
	cpe:2.3:a:maradns:maradns:1.3.07.09:::::::*
	cpe:2.3:a:maradns:maradns:1.3.08:::::::*
	cpe:2.3:a:maradns:maradns:1.3.09:::::::*
	cpe:2.3:a:maradns:maradns:1.3.10:::::::*
	cpe:2.3:a:maradns:maradns:1.3.11:::::::*
	cpe:2.3:a:maradns:maradns:1.3.12:::::::*
	cpe:2.3:a:maradns:maradns:1.3.13:::::::*
	cpe:2.3:a:maradns:maradns:1.3.14:::::::*
	cpe:2.3:a:maradns:maradns:1.4.01:::::::*
	cpe:2.3:a:maradns:maradns:1.4.02:::::::*

History

No history.

Information

Published : 2010-06-25 18:30

Updated : 2010-06-28 04:00

NVD link : CVE-2010-2444

Mitre link : CVE-2010-2444

CVE.ORG link : CVE-2010-2444

JSON object : View

Products Affected

maradns

maradns

CWE

NVD-CWE-Other

{"id": "CVE-2010-2444", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-06-25T18:30:01.610", "references": [{"url": "http://maradns.org/download/maradns-1.4.02-parse_segfault.patch", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2010/06/09/4", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2010/06/24/5", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a \".\" (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone file."}, {"lang": "es", "value": "parse/Csv2_parse.c en MaraDNS V1.3.03, y otras versiones anteriores v1.4.03 no maneja adecuadamente los hombres host que no terminan en el caracter \".\" (punto), lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (desreferencia de puntero nulo) a trav\u00e9s de fichero csv2 zone manipulado. \r\n"}], "lastModified": "2010-06-28T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:maradns:maradns:1.3.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4152EC32-1A1E-4C8E-BF22-7E610D9EE3C8"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB9E2D75-5874-4115-B8A1-BDB363C1578D"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48DB2061-1E36-4C1B-AA12-84C143D0A270"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE3C6973-CDB3-45F9-BD43-0C74B231FFB8"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.07.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA6C5C7B-02E6-4AC4-99A6-2D50BA66CED0"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.07.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05BF942C-EF7E-4320-AF8A-8BEEDDEE4D41"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.07.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D3D577E-F9DC-4616-9A6A-402C212D5A70"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.07.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DA50FF0-7BE7-4B3F-B27F-37539D4D9D4F"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.07.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BF9CAA0-24E8-4D13-BABC-40BFF5B97D60"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.07.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "987E3CDC-C578-4850-850F-BB92F88D72B3"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.07.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6464C92-02BF-4591-89B0-F7D7826E2B76"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.07.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "755494B1-8F52-420D-8AC8-D8DAD6D093D6"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.07.09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCF1FE9C-CB27-4306-B5A1-ADC4CC2BFA00"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CA71AE3-2704-4662-8219-53C2D27EEB17"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1C9763D-55F2-4776-AD68-D446B62FC1CD"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "349F8D05-64B6-4681-B7C0-2901348A796A"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A88619F-859A-4FD4-9D41-FB99B5C3ABE2"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41A5E951-950C-489F-8837-FC12651C723B"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFC05DB6-60B4-4C7E-B57F-B5CCEFD41428"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.3.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "411BC0D2-75BF-4E90-BCE4-228AB5821EA9"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.4.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CFA46FC-7283-4877-A943-1CEBC933BF9E"}, {"criteria": "cpe:2.3:a:maradns:maradns:1.4.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DD92FB9-0F1D-4A8D-9F22-94CE5A2FC949"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n'NULL Pointer Dereference'", "sourceIdentifier": "cve@mitre.org"}