Bug 841268 (CVE-2012-2978) - CVE-2012-2978: nsd: NSD denial of service vulnerability from non-standard DNS packet from any host on the internet.
Summary: CVE-2012-2978: nsd: NSD denial of service vulnerability from non-standard DNS...
Status: CLOSED ERRATA
Alias: CVE-2012-2978
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
(Show other bugs)
Version: unspecified
Hardware: Unspecified Unspecified
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20120719,repor...
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-07-18 14:18 UTC by Paul Wouters
Modified: 2015-08-19 09:17 UTC (History)
6 users (show)

Fixed In Version: nsd 3.2.12
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-20 09:23:40 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Paul Wouters 2012-07-18 14:18:54 UTC
Description of problem:

(Embargoed until July 19 after 15:00 CET)

It is possible to crash (SIGSEGV) a NSD child server process by sending
it a non-standard DNS packet from any host on the internet. A crashed
child process will automatically be restarted by the parent process, but
an attacker may keep the NSD server occupied restarting child processes
by sending it a stream of such packets effectively preventing the NSD
server to serve.

All NSD 3 versions are vulnerable to this attack. (NSD 3.0.0-3.0.8,
3.1.0-3.1.1, and 3.2.0-3.2.11). So is the NSD 4 development branch.

== Remote Exploit.

The problem packet causes NSD to dereference a null pointer. Most
operating systems map the null pointer's address such that accessing it
causes a segmentation fault, ruling out the possibility for remote exploit.



Version-Release number of selected component (if applicable):
all version up to and including nsd-3.2.11



I'll prepare the 3.2.12 release

Comment 1 Vincent Danen 2012-07-18 23:28:25 UTC
Thanks for this, Paul.  I'm going to hijack this bug to turn it into an SRT bug so we can properly track it.

Comment 2 Paul Wouters 2012-07-19 13:43:22 UTC
 Fix for VU#624931 CVE-2012-2978: NSD denial of service
  vulnerability from non-standard DNS packet from any host
  on the internet.
  http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt

Comment 3 Paul Wouters 2012-07-19 14:24:06 UTC
Package nsd-3.2.12-1:
* was pushed to the testing repositories,
* should be available at your local mirror within two days.

Update it with (EPEL):
# su -c 'yum update --enablerepo=epel-testing nsd-3.2.12-1'
Update it with (Fedora):
# su -c 'yum update --enablerepo=updates-testing nsd-3.2.12-1'

Or use the direct links below to download the package if it is not yet available via the mirror sites. Please leave karma/feedback.

nsd-3.2.12-1.el5 has been submitted as an update for EL5.
https://admin.fedoraproject.org/updates/nsd-3.2.12-1.el5

nsd-3.2.12-1.el6 has been submitted as an update for EL6.
https://admin.fedoraproject.org/updates/nsd-3.2.12-1.el6

Comment 4 Paul Wouters 2012-07-19 14:52:45 UTC
nsd-3.2.12-1.fc16 has been submitted as an update for Fedora.
https://admin.fedoraproject.org/updates/nsd-3.2.12-1.fc16

nsd-3.2.12-1.fc17 has been submitted as an update for Fedora.
https://admin.fedoraproject.org/updates/nsd-3.2.12-1.fc17

Comment 5 Paul Wouters 2013-04-18 20:30:22 UTC
Vincent: can we close this bug?


Note You need to log in before you can comment on or make changes to this bug.