2.1 CVE-2011-5056
Patch
The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service (CPU consumption) via crafted records in zone files, a different vulnerability than CVE-2012-0024.
https://nvd.nist.gov/vuln/detail/CVE-2011-5056
Categories
CWE-400 : Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Certain automated dynamic analysis techniques may be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections. The technique may involve generating a large number of requests to the product within a short time frame. While fuzzing is typically geared toward finding low-level implementation bugs, it can inadvertently find resource exhaustion problems. This can occur when the fuzzer generates a large number of test cases but does not restart the targeted product in between test cases. If an individual test case produces a crash, but it does not do so reliably, then an inability to handle resource exhaustion may be the cause. Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold. Ensure that protocols have specific limits of scale placed on them. Ensure that all failures in resource allocation place the system into a safe posture. Chain: Python library does not limit the resources used to process images that specify a very large number of bands (CWE-1284), leading to excessive memory consumption (CWE-789) or an integer overflow (CWE-190). Go-based workload orchestrator does not limit resource usage with unauthenticated connections, allowing a DoS by flooding the service Resource exhaustion in distributed OS because of "insufficient" IGMP queue management, as exploited in the wild per CISA KEV. Product allows attackers to cause a crash via a large number of connections. Malformed request triggers uncontrolled recursion, leading to stack exhaustion. Chain: memory leak (CWE-404) leads to resource exhaustion. Driver does not use a maximum width when invoking sscanf style functions, causing stack consumption. Large integer value for a length property in an object causes a large amount of memory allocation. Web application firewall consumes excessive memory when an HTTP request contains a large Content-Length value but no POST data. Product allows exhaustion of file descriptors when processing a large number of TCP packets. Communication product allows memory consumption with a large number of SIP requests, which cause many sessions to be created. TCP implementation allows attackers to consume CPU and prevent new connections using a TCP SYN flood attack. Port scan triggers CPU consumption with processes that attempt to read data from closed sockets. Product allows attackers to cause a denial of service via a large number of directives, each of which opens a separate window. Product allows resource exhaustion via a large number of calls that do not complete a 3-way handshake. Mail server does not properly handle deeply nested multipart MIME messages, leading to stack exhaustion. Chain: anti-virus product encounters a malformed file but returns from a function without closing a file descriptor (CWE-775) leading to file descriptor consumption (CWE-400) and failed scans.
References
CONFIRM Patch
http://samiam.org/blog/20111229.html Patch Third Party Advisory |
SECTRACK
1026820 Third Party Advisory VDB Entry |
XF
maradns-server-dos(72258) Third Party Advisory VDB Entry |
CPE
cpe | start | end |
---|---|---|
Configuration 1 | ||
cpe:2.3:a:maradns:maradns:*:*:*:*:*:*:*:* | <= 2.0.04 |
REMEDIATION
Patch
Url |
---|
http://samiam.org/blog/20111229.html |
EXPLOITS
Exploit-db.com
id | description | date | |
---|---|---|---|
No known exploits |
Other (github, ...)
Url |
---|
No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
id | description | severity |
---|---|---|
147 | XML Ping of the Death |
Medium |
227 | Sustained Client Engagement |
|
492 | Regular Expression Exponential Blowup |
MITRE
Techniques
id | description |
---|---|
T1499 | Endpoint Denial of Service |
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. |
Mitigations
id | description |
---|---|
T1499 | Leverage services provided by Content Delivery Networks (CDN) or providers specializing in DoS mitigations to filter traffic upstream from services. Filter boundary traffic by blocking source addresses sourcing the attack, blocking ports that are being targeted, or blocking protocols being used for transport. To defend against SYN floods, enable SYN Cookies. |
© 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation. |
Sherlock® flash
Take a picture of your computer network in a few clicks !
The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.
