Vulnerability Description
parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maradns | Maradns | 1.3.03 |
References
- http://maradns.org/download/maradns-1.4.02-parse_segfault.patchPatch
- http://www.openwall.com/lists/oss-security/2010/06/09/4Patch
- http://www.openwall.com/lists/oss-security/2010/06/24/5
- http://maradns.org/download/maradns-1.4.02-parse_segfault.patchPatch
- http://www.openwall.com/lists/oss-security/2010/06/09/4Patch
- http://www.openwall.com/lists/oss-security/2010/06/24/5
FAQ
What is CVE-2010-2444?
CVE-2010-2444 is a vulnerability with a CVSS score of 4.3 (MEDIUM). parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of ...
How severe is CVE-2010-2444?
CVE-2010-2444 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2444?
Check the references section above for vendor advisories and patch information. Affected products include: Maradns Maradns.