Domain Name Resolver Vulnerability in MaraDNS by MaraDNS
CVE-2012-1570

Currently unrated

Key Information:

Vendor: Maradns
Status: Maradns
Vendor: CVE Published:; 28 March 2012

What is CVE-2012-1570?

MaraDNS contains a vulnerability in its resolver due to improper handling of cached server names and TTL values in NS records. When processing responses to A record queries, this flaw can lead to the continued resolvability of revoked domain names, which facilitates a type of attack known as a 'ghost domain names' attack. Attackers can exploit this issue to maintain access to previously revoked domains, undermining the integrity of domain name resolutions.

References

http://www.openwall.com/lists/oss-security/2012/03/20/10

mailing-listx_refsource_MLIST

https://exchange.xforce.ibmcloud.com/vulnerabilities/74119

vdb-entryx_refsource_XF

http://www.openwall.com/lists/oss-security/2012/03/20/1

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2012
Vulnerability Reserved
Mar 12, 2012

CVE-2012-1570 Data

JSON

Maradns

What is CVE-2012-1570?

References

Timeline