CVE-2014-2031
First published: Tue Feb 18 2014(Updated: )
Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to a logic error.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Maradns Project Maradns | <1.4.14 | |
| Maradns Project Maradns | >=2.0.05<2.0.09 | |
| Deadwood Project Deadwood | <2.3.09 | |
| Deadwood Project Deadwood | >=3.0.01<3.2.05 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://samiam.org/blog/2014-02-12.html
- http://www.openwall.com/lists/oss-security/2014/02/19/15
- http://www.securitytracker.com/id/1029771
- https://bugzilla.redhat.com/show_bug.cgi?id=1066609
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91203
- https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093
- https://github.com/samboy/MaraDNS/commit/2cfcd2397cb8168d4aa4594839fabe88420d03c3
- http://secunia.com/advisories/57033/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1066611
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1066612
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1066609#c2
- https://admin.fedoraproject.org/updates/FEDORA-2014-2421
- https://admin.fedoraproject.org/updates/FEDORA-2014-2439
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1066609#c3
- https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life#EPEL
- https://access.redhat.com/security/cve/CVE-2014-2031
- https://access.redhat.com/security/cve/CVE-2014-2032
- http://seclists.org/oss-sec/2014/q1/399
Frequently Asked Questions
What is the severity of CVE-2014-2031?
CVE-2014-2031 has been classified as a denial of service vulnerability.
How do I fix CVE-2014-2031?
To fix CVE-2014-2031, upgrade Deadwood to version 2.3.09 or later, and ensure MaraDNS is updated to version 1.4.14 or 2.0.09 and later.
What software is affected by CVE-2014-2031?
CVE-2014-2031 affects Deadwood versions before 2.3.09 and 3.x before 3.2.05, as well as MaraDNS versions before 1.4.14 and 2.x before 2.0.09.
What type of attack can exploit CVE-2014-2031?
CVE-2014-2031 can be exploited by remote attackers causing a denial of service through out-of-bounds read and crash.
What was the cause of the vulnerability CVE-2014-2031?
CVE-2014-2031 is due to a logic error that occurs when performing recursive queries against Deadwood.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-2031
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/maradns project
- canonical/maradns project maradns
- version/maradns project maradns/2.0.05
- vendor/deadwood project
- canonical/deadwood project deadwood
- version/deadwood project deadwood/3.0.01