Red Hat Bugzilla – Bug 501520
CVE-2009-1755 nsd: one-byte buffer overflow in low-level DNS packet decoding routine
Last modified: 2009-05-22 02:14:13 EDT
An one-byte buffer overflow was found in NSD, a complete implementation of an authoritative DNS name server, in one of its low-level DNS packet decoding
routines. An attacker could provide a specially-crafted DNS record to the
NSD DNS name server, leading to a denial of service.
Credit: Ilja van Sprundel of IOActive
The issue was addressed in nsd-3.2.2-1.fc9 version of NSD package,
for Fedora 9.
The issue was addressed in nsd-3.2.2-2.fc10 version of NSD package,
for Fedora 10.
The issue was addressed in nsd-3.2.2-2.fc11 version of NSD package,
for Fedora 11.
Off-by-one error in packet.c in nsd 3.2.1 and 2.3.7 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via unspecified vectors that trigger a buffer overflow.