841268 – (CVE-2012-2978) CVE-2012-2978: nsd: NSD denial of service vulnerability from non-standard DNS packet from any host on the internet.

Bug 841268 (CVE-2012-2978) - CVE-2012-2978: nsd: NSD denial of service vulnerability from non-standard DNS packet from any host on the internet.

Summary: CVE-2012-2978: nsd: NSD denial of service vulnerability from non-standard DNS...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-2978
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-07-18 14:18 UTC by Paul Wouters
Modified:	2019-09-29 12:54 UTC (History)
CC List:	6 users (show)
Fixed In Version:	nsd 3.2.12
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-01-20 09:23:40 UTC

Attachments	(Terms of Use)

Description Paul Wouters 2012-07-18 14:18:54 UTC

Description of problem:

(Embargoed until July 19 after 15:00 CET)

It is possible to crash (SIGSEGV) a NSD child server process by sending
it a non-standard DNS packet from any host on the internet. A crashed
child process will automatically be restarted by the parent process, but
an attacker may keep the NSD server occupied restarting child processes
by sending it a stream of such packets effectively preventing the NSD
server to serve.

All NSD 3 versions are vulnerable to this attack. (NSD 3.0.0-3.0.8,
3.1.0-3.1.1, and 3.2.0-3.2.11). So is the NSD 4 development branch.

== Remote Exploit.

The problem packet causes NSD to dereference a null pointer. Most
operating systems map the null pointer's address such that accessing it
causes a segmentation fault, ruling out the possibility for remote exploit.



Version-Release number of selected component (if applicable):
all version up to and including nsd-3.2.11



I'll prepare the 3.2.12 release

Comment 1 Vincent Danen 2012-07-18 23:28:25 UTC

Thanks for this, Paul.  I'm going to hijack this bug to turn it into an SRT bug so we can properly track it.

Comment 2 Paul Wouters 2012-07-19 13:43:22 UTC

 Fix for VU#624931 CVE-2012-2978: NSD denial of service
  vulnerability from non-standard DNS packet from any host
  on the internet.
  http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt

Comment 3 Paul Wouters 2012-07-19 14:24:06 UTC

Package nsd-3.2.12-1:
* was pushed to the testing repositories,
* should be available at your local mirror within two days.

Update it with (EPEL):
# su -c 'yum update --enablerepo=epel-testing nsd-3.2.12-1'
Update it with (Fedora):
# su -c 'yum update --enablerepo=updates-testing nsd-3.2.12-1'

Or use the direct links below to download the package if it is not yet available via the mirror sites. Please leave karma/feedback.

nsd-3.2.12-1.el5 has been submitted as an update for EL5.
https://admin.fedoraproject.org/updates/nsd-3.2.12-1.el5

nsd-3.2.12-1.el6 has been submitted as an update for EL6.
https://admin.fedoraproject.org/updates/nsd-3.2.12-1.el6

Comment 4 Paul Wouters 2012-07-19 14:52:45 UTC

nsd-3.2.12-1.fc16 has been submitted as an update for Fedora.
https://admin.fedoraproject.org/updates/nsd-3.2.12-1.fc16

nsd-3.2.12-1.fc17 has been submitted as an update for Fedora.
https://admin.fedoraproject.org/updates/nsd-3.2.12-1.fc17

Comment 5 Paul Wouters 2013-04-18 20:30:22 UTC

Vincent: can we close this bug?

Note You need to log in before you can comment on or make changes to this bug.