There was a bug introduced in MaraDNS 1.3.03 (January 2007): Hostnames that incorrectly not end with a dot result in a string being deallocated then used.
MaraDNS 1.2 does not have this issue.
This issue can not be exploited from zones loaded using DNS's zone transfer mechanism; fetchzone filters data obtained this way. This issue can only be exploited in the unusual case of an attacker having control of the contents of a csv2 zone file to be parsed by MaraDNS.
This issue, on Linux systems, results in a null pointer dereference that terminates that MaraDNS process.
Impact: Denial of service
This issue is now fixed in MaraDNS 1.4.03 and 1.3.07.10, released February 2, 2010. I have already talked with the relevant people at Debian, who feel this bug is not serious enough to warrant a new stable release of MaraDNS in the Debian repositories.
The updated files can be downloaded here:
http://www.maradns.org/download.html
Next: Upload MaraDNS 1.4.03 to Sourceforge (Update: Done)
Note also that MaraDNS 1.4.03 documents the reject_aaaa/ptr parameters, as posted to the blog yesterday.
