Bug 501520 (CVE-2009-1755) - CVE-2009-1755 nsd: one-byte buffer overflow in low-level DNS packet decoding routine
Summary: CVE-2009-1755 nsd: one-byte buffer overflow in low-level DNS packet decoding ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-1755
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://www.nlnetlabs.nl/publications/...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-05-19 15:01 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:30 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-05-19 15:01:32 UTC
Embargoed:


Attachments (Terms of Use)

Description Jan Lieskovsky 2009-05-19 15:01:09 UTC
An one-byte buffer overflow was found in NSD, a complete implementation of an authoritative DNS name server, in one of its low-level DNS packet decoding
routines. An attacker could provide a specially-crafted DNS record to the
NSD DNS name server, leading to a denial of service.

Credit: Ilja van Sprundel of IOActive

References:
http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418
http://www.openwall.com/lists/oss-security/2009/05/19/1
http://www.nlnetlabs.nl/downloads/nsd/nsd-3.2.2.tar.gz
http://www.nlnetlabs.nl/downloads/nsd/nsd-3.2.1-vuln.patch
http://www.nlnetlabs.nl/downloads/nsd/nsd-2.3.7-vuln.patch

Comment 1 Jan Lieskovsky 2009-05-19 15:04:24 UTC
The issue was addressed in nsd-3.2.2-1.fc9 version of NSD package,
for Fedora 9.

The issue was addressed in nsd-3.2.2-2.fc10 version of NSD package,
for Fedora 10.

The issue was addressed in nsd-3.2.2-2.fc11 version of NSD package,
for Fedora 11.

Comment 2 Tomas Hoger 2009-05-22 06:14:13 UTC
CVE-2009-1755:
Off-by-one error in packet.c in nsd 3.2.1 and 2.3.7 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via unspecified vectors that trigger a buffer overflow.


Note You need to log in before you can comment on or make changes to this bug.