MaraDNS Information for VU#800113

Multiple DNS implementations vulnerable to cache poisoning


Not Affected

Vendor Statement

MaraDNS uses a secure random number generator to generate both the query
ID and the port to bind to.  In more detail, MaraDNS uses information from
the file /dev/urandom as a random seed to generate a cryptographic key.
Using a variant of AES, MaraDNS has 16 bits of entropy for the query ID
and 12 bits of entropy for the source port.

Deadwood, a from-the-ground-up reimplementation of MaraDNS also uses a secure
random number generator.  Instead of using an AES variant, Deadwood uses a
stream cipher called "Radio Gatun" (a derivative of Panama) as the random
number generator.

Note that the Windows port, if improperly configured, will have possible
security issues because there is not a convenient pool of random numbers
on that platform.

So, in summary, I am aware of this security problem and have gone to some
effort make sure MaraDNS (and Deadwood) does not have this issue.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References



There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.