This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 841268 - (CVE-2012-2978) CVE-2012-2978: nsd: NSD denial of service vulnerability from non-standard DNS packet from any host on the internet.
CVE-2012-2978: nsd: NSD denial of service vulnerability from non-standard DNS...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20120719,repor...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-18 10:18 EDT by Paul Wouters
Modified: 2015-08-19 05:17 EDT (History)
6 users (show)

See Also:
Fixed In Version: nsd 3.2.12
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-20 04:23:40 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Paul Wouters 2012-07-18 10:18:54 EDT
Description of problem:

(Embargoed until July 19 after 15:00 CET)

It is possible to crash (SIGSEGV) a NSD child server process by sending
it a non-standard DNS packet from any host on the internet. A crashed
child process will automatically be restarted by the parent process, but
an attacker may keep the NSD server occupied restarting child processes
by sending it a stream of such packets effectively preventing the NSD
server to serve.

All NSD 3 versions are vulnerable to this attack. (NSD 3.0.0-3.0.8,
3.1.0-3.1.1, and 3.2.0-3.2.11). So is the NSD 4 development branch.

== Remote Exploit.

The problem packet causes NSD to dereference a null pointer. Most
operating systems map the null pointer's address such that accessing it
causes a segmentation fault, ruling out the possibility for remote exploit.



Version-Release number of selected component (if applicable):
all version up to and including nsd-3.2.11



I'll prepare the 3.2.12 release
Comment 1 Vincent Danen 2012-07-18 19:28:25 EDT
Thanks for this, Paul.  I'm going to hijack this bug to turn it into an SRT bug so we can properly track it.
Comment 2 Paul Wouters 2012-07-19 09:43:22 EDT
 Fix for VU#624931 CVE-2012-2978: NSD denial of service
  vulnerability from non-standard DNS packet from any host
  on the internet.
  http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt
Comment 3 Paul Wouters 2012-07-19 10:24:06 EDT
Package nsd-3.2.12-1:
* was pushed to the testing repositories,
* should be available at your local mirror within two days.

Update it with (EPEL):
# su -c 'yum update --enablerepo=epel-testing nsd-3.2.12-1'
Update it with (Fedora):
# su -c 'yum update --enablerepo=updates-testing nsd-3.2.12-1'

Or use the direct links below to download the package if it is not yet available via the mirror sites. Please leave karma/feedback.

nsd-3.2.12-1.el5 has been submitted as an update for EL5.
https://admin.fedoraproject.org/updates/nsd-3.2.12-1.el5

nsd-3.2.12-1.el6 has been submitted as an update for EL6.
https://admin.fedoraproject.org/updates/nsd-3.2.12-1.el6
Comment 4 Paul Wouters 2012-07-19 10:52:45 EDT
nsd-3.2.12-1.fc16 has been submitted as an update for Fedora.
https://admin.fedoraproject.org/updates/nsd-3.2.12-1.fc16

nsd-3.2.12-1.fc17 has been submitted as an update for Fedora.
https://admin.fedoraproject.org/updates/nsd-3.2.12-1.fc17
Comment 5 Paul Wouters 2013-04-18 16:30:22 EDT
Vincent: can we close this bug?

Note You need to log in before you can comment on or make changes to this bug.