[nsd-users] NSD 3.2.12 emergency release

Willem Toorop willem at nlnetlabs.nl
Thu Jul 19 13:41:58 UTC 2012


There is a emergency release for nsd: 3.2.12. It is available here:

www:  http://nlnetlabs.nl/downloads/nsd/nsd-3.2.12.tar.gz
sha1: dd8606a05525f6a493dfacb7ddfa7e1fa3c6a85b

All previous versions of NSD 3 (NSD 3.0.0-3.0.8, 3.1.0-3.1.1, and
3.2.0-3.2.11) are vulnerable to a denial of service attack from any host
on the internet. [ VU#624931 CVE-2012-2978 ]
And so is the NSD 4 development branch before revision 3613.

The 3.2.12 release is fixed and not vulnerable to this attack.
We strongly recommend to update NSD to version 3.2.12.

Best regards,


- Fix for VU#624931 CVE-2012-2978: NSD denial of service
  vulnerability from non-standard DNS packet from any host
  on the internet.

== Description

It is possible to crash (SIGSEGV) a NSD child server process by sending
it a non-standard DNS packet from any host on the internet. A crashed
child process will automatically be restarted by the parent process, but
an attacker may keep the NSD server occupied restarting child processes
by sending it a stream of such packets effectively preventing the NSD
server to serve.

== Remote Exploit.

The problem packet causes NSD to dereference a null pointer. Most
operating systems map the null pointer's address such that accessing it
causes a segmentation fault, ruling out the possibility for remote exploit.

== Acknowledgements

The bug was discovered by Marek Vavruša and Lubos Slovak
from CZ.NIC Labs

More information about the nsd-users mailing list