Sam Trenholme's webpage
Support this website or listen to my music

MaraDNS update, making music

 

October 8 2015

In this blog, I discuss making music again and a MaraDNS update.

==Making music again==

Since the beginning of this year, I have started to make some music again and am slowly but surely writing an album of music. Right now, four songs are mostly finished, and I will make the music public once I have at least eight songs and 30 minutes of music.

In the meantime, I have set up a domain (and Facebook and Twitter and Bandcamp and Soundcloud and even a Reddit sub) for promoting the music:

http://caulixtla.com/
I hope, once this is released, people enjoy listening to the music as much I have enjoyed making the music.

==MaraDNS update==

There is a buffer overflow (actually, underflow) in Deadwood which allows an out of bounds memory location to be overwritten with the output of malloc().

It is unknown whether this buffer underflow is remotely exploitable; it has only been seen on systems where there is no default gateway route.

Unlike other recent bugs which have popped up, this is not something from the 2001-2002 codebase; this is from the 2009 codebase when I added code to merge multiple inflight connections, to protect against attacks like https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4392 (Yeah, spoofing is much more dangerous than being able to possibly remotely crash Deadwood, so I made the right call)

I have verified that the 2.3 branch of Deadwood doesn’t have inflight merging, so it doesn’t have this bug.

In flight merging (and this bug) was added on August 31, 2009, in Deadwood 2.4.07 http://maradns.blogspot.com/2009/08/deadwood-2407-released.html

In addition, there are two buffer overflows (actually, one buffer overflow and one buffer underflow) in ParseMaraRc.c. One of the buffer overruns can not be exploited, the other is a difficult to exploit buffer overflow (actually, underflow) in the mararc parser. The workaround is to not let random people edit the mararc file (which is usually in /etc and owned by root); the fix is in MaraDNS 2.0.13.

The MaraDNS exploit is very limited. It’s not possible to write to any memory with this bug; it only allows MaraDNS to read from a memory location she should not read from.

Deadwood 3.2.09 and MaraDNS 2.0.13 fix these bugs, and are available for download here:

http://maradns.samiam.org/download.html

To post a comment about this blog entry, send me an email. I may or may not post it, with or without editing.

Previous entry Next entry Blog index