vulnerability
Ubuntu: USN-6271-1 (CVE-2022-30256): MaraDNS vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Nov 19, 2022 | Aug 4, 2023 | Jan 30, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
Nov 19, 2022
Added
Aug 4, 2023
Modified
Jan 30, 2025
Description
An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.
Solution(s)
ubuntu-pro-upgrade-duendeubuntu-pro-upgrade-maradnsubuntu-pro-upgrade-maradns-deadwoodubuntu-pro-upgrade-maradns-zoneserver
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.