[nsd-users] NSD 3.2.12 emergency release

Willem Toorop willem at nlnetlabs.nl
Thu Jul 19 13:41:58 UTC 2012


Greetings,

There is a emergency release for nsd: 3.2.12. It is available here:

www:  http://nlnetlabs.nl/downloads/nsd/nsd-3.2.12.tar.gz
sha1: dd8606a05525f6a493dfacb7ddfa7e1fa3c6a85b

All previous versions of NSD 3 (NSD 3.0.0-3.0.8, 3.1.0-3.1.1, and
3.2.0-3.2.11) are vulnerable to a denial of service attack from any host
on the internet. [ VU#624931 CVE-2012-2978 ]
And so is the NSD 4 development branch before revision 3613.

The 3.2.12 release is fixed and not vulnerable to this attack.
We strongly recommend to update NSD to version 3.2.12.

Best regards,
  Willem


NSD 3.2.12 RELEASE NOTES

BUG FIXES:
- Fix for VU#624931 CVE-2012-2978: NSD denial of service
  vulnerability from non-standard DNS packet from any host
  on the internet.
  http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt


== Description

It is possible to crash (SIGSEGV) a NSD child server process by sending
it a non-standard DNS packet from any host on the internet. A crashed
child process will automatically be restarted by the parent process, but
an attacker may keep the NSD server occupied restarting child processes
by sending it a stream of such packets effectively preventing the NSD
server to serve.

== Remote Exploit.

The problem packet causes NSD to dereference a null pointer. Most
operating systems map the null pointer's address such that accessing it
causes a segmentation fault, ruling out the possibility for remote exploit.

== Acknowledgements

The bug was discovered by Marek Vavruša and Lubos Slovak
from CZ.NIC Labs





More information about the nsd-users mailing list