Vulnerability Details : CVE-2008-0061
MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records."
Vulnerability category: Denial of service
Products affected by CVE-2008-0061
- cpe:2.3:a:maradns:maradns:1.2.12.02:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.2.12.04:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.3.01:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.3.02:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.2.12.01:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.2.12.03:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.2.12.05:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.3.04:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.3.03:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.2.12.06:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.3.05:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.00:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.07:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.08:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.09:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.33:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.34:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.01:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.02:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.35:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.36:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.3.06:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.05:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.06:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.32:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.39:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.3.07.03:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.03:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.04:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.37:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.0.38:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.2.12.07:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.3.07:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.3.07.01:*:*:*:*:*:*:*
- cpe:2.3:a:maradns:maradns:1.3.07.02:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0061
7.62%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-0061
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
References for CVE-2008-0061
-
http://www.maradns.org/changelog.html
MaraDNS - a small open-source DNS server
-
http://security.gentoo.org/glsa/glsa-200801-16.xml
MaraDNS: CNAME Denial of service (GLSA 200801-16) — Gentoo security
-
http://maradns.blogspot.com/2007/08/maradns-update-all-versions.html
Musings about MaraDNS and technology
-
http://www.vupen.com/english/advisories/2008/0026
Site en construction
-
http://bugs.gentoo.org/show_bug.cgi?id=204351
204351 – (CVE-2008-0061) net-dns/maradns < 1.2.12.09 CNAME Remote DoS (CVE-2008-0061)
-
http://www.debian.org/security/2008/dsa-1445
[SECURITY] [DSA 1445-1] New maradns packages fix denial of service
-
http://www.securityfocus.com/bid/27124
Jump to