Description of problem:
(Embargoed until July 19 after 15:00 CET)
It is possible to crash (SIGSEGV) a NSD child server process by sending
it a non-standard DNS packet from any host on the internet. A crashed
child process will automatically be restarted by the parent process, but
an attacker may keep the NSD server occupied restarting child processes
by sending it a stream of such packets effectively preventing the NSD
server to serve.
All NSD 3 versions are vulnerable to this attack. (NSD 3.0.0-3.0.8,
3.1.0-3.1.1, and 3.2.0-3.2.11). So is the NSD 4 development branch.
== Remote Exploit.
The problem packet causes NSD to dereference a null pointer. Most
operating systems map the null pointer's address such that accessing it
causes a segmentation fault, ruling out the possibility for remote exploit.
Version-Release number of selected component (if applicable):
all version up to and including nsd-3.2.11
I'll prepare the 3.2.12 release
Thanks for this, Paul. I'm going to hijack this bug to turn it into an SRT bug so we can properly track it.
Fix for VU#624931 CVE-2012-2978: NSD denial of service
vulnerability from non-standard DNS packet from any host
on the internet.
* was pushed to the testing repositories,
* should be available at your local mirror within two days.
Update it with (EPEL):
# su -c 'yum update --enablerepo=epel-testing nsd-3.2.12-1'
Update it with (Fedora):
# su -c 'yum update --enablerepo=updates-testing nsd-3.2.12-1'
Or use the direct links below to download the package if it is not yet available via the mirror sites. Please leave karma/feedback.
nsd-3.2.12-1.el5 has been submitted as an update for EL5.
nsd-3.2.12-1.el6 has been submitted as an update for EL6.
nsd-3.2.12-1.fc16 has been submitted as an update for Fedora.
nsd-3.2.12-1.fc17 has been submitted as an update for Fedora.
Vincent: can we close this bug?