CVE-2011-0520 - Vulnerability Details - OpenCVE

The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Maradns	Maradns

Configuration 1 [-]

OR	cpe:2.3:a:maradns:maradns:1.4.03:::::::*
	cpe:2.3:a:maradns:maradns:1.4.05:::::::*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834
http://osvdb.org/70630
http://secunia.com/advisories/43027
http://secunia.com/advisories/43107
http://www.debian.org/security/2011/dsa-2196
http://www.openwall.com/lists/oss-security/2011/01/24/1
http://www.openwall.com/lists/oss-security/2011/01/24/6
http://www.securityfocus.com/bid/45966
http://www.vupen.com/english/advisories/2011/0699
https://exchange.xforce.ibmcloud.com/vulnerabilities/64885

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-01-28T15:00:00

Updated: 2024-08-06T21:58:25.928Z

Reserved: 2011-01-20T00:00:00

Link: CVE-2011-0520

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-01-28T16:00:04.673

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-0520

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "ADV-2011-0699", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0699"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834"}, {"name": "[oss-security] 20110123 CVE request: MaraDNS DoS via long queries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/01/24/1"}, {"name": "[oss-security] 20110124 Re: CVE request: MaraDNS DoS via long queries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/01/24/6"}, {"name": "maradns-compressadddlabelpoints-bo(64885)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64885"}, {"name": "DSA-2196", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2196"}, {"name": "43107", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43107"}, {"name": "43027", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43027"}, {"name": "70630", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/70630"}, {"name": "45966", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45966"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-0520", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2011-0699", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0699"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834"}, {"name": "[oss-security] 20110123 CVE request: MaraDNS DoS via long queries", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/01/24/1"}, {"name": "[oss-security] 20110124 Re: CVE request: MaraDNS DoS via long queries", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/01/24/6"}, {"name": "maradns-compressadddlabelpoints-bo(64885)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64885"}, {"name": "DSA-2196", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2196"}, {"name": "43107", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43107"}, {"name": "43027", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43027"}, {"name": "70630", "refsource": "OSVDB", "url": "http://osvdb.org/70630"}, {"name": "45966", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45966"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:58:25.928Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2011-0699", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0699"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834"}, {"name": "[oss-security] 20110123 CVE request: MaraDNS DoS via long queries", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/01/24/1"}, {"name": "[oss-security] 20110124 Re: CVE request: MaraDNS DoS via long queries", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/01/24/6"}, {"name": "maradns-compressadddlabelpoints-bo(64885)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64885"}, {"name": "DSA-2196", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2196"}, {"name": "43107", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43107"}, {"name": "43027", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43027"}, {"name": "70630", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/70630"}, {"name": "45966", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/45966"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0520", "datePublished": "2011-01-28T15:00:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:25.928Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:maradns:maradns:1.4.03:*:*:*:*:*:*:*", "matchCriteriaId": "3F496D23-5A2F-4C76-A02B-9B3A8C143D1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:maradns:maradns:1.4.05:*:*:*:*:*:*:*", "matchCriteriaId": "E3696E4F-7680-4DF5-8A46-440B6F4774C9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow."}, {"lang": "es", "value": "La funci\u00f3n compress_add_dlabel_points en dns/Compress.c de MaraDNS v1.4.03, v1.4.05 y puede que otras versiones, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) y posibilidad de ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un nombre de DNS largo con un largo n\u00famero de etiquetas, esto provoca un desbordamiento de b\u00fafer basado en memoria din\u00e1mica."}], "id": "CVE-2011-0520", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-01-28T16:00:04.673", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/70630"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43027"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43107"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2196"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/01/24/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/01/24/6"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/45966"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0699"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/70630"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43027"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43107"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2196"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/01/24/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/01/24/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45966"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0699"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64885"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}