I got a GitHub bug report about MaraDNS’ zoneserver program getting a segmentation fault. In the stack trace, free() was being called against a memory location whose value was uninitialized (and therefore random).
This bug allows a denial of service attack; by making the zoneserver daemon free an invalid memory location, it was possible to terminate the zoneserver process. I do not know whether or not this bug is remotely exploitable.
I now always initialize the memory location in question.
Because of the nature of this bug, I have made a MaraDNS 2.0.12 release to fix this bug. It can be downloaded here:
As I have promised before, I am no longer updating the Sourceforge version of MaraDNS. People may download MaraDNS from the MaraDNS web site, or from GitHub:
This bug impacts MaraDNS 1. I will not fix this bug in older versions of MaraDNS; I have given users a three-year warning that MaraDNS 1 is no longer supported. All MaraDNS 1 users need to upgrade to MaraDNS 2.
In addition to fixing this bug, MaraDNS 2.0.12 updates Deadwood (documentation updates and increased maxprocs values), fixes zoneserver to work with newer versions of dig, and has a number of documentation updates.
When and if letsencrypt.org becomes live and offers free HTTPS certificates, I will get a free wildcard cert for samiam.org and start serving MaraDNS over SSL (TLS).
Unless another security bug comes up, my next MaraDNS and Deadwood release will be in the late summer of 2016.
Comments are closed