[nsd-users] NSD 3.2.13 emergency release

Matthijs Mekking matthijs at nlnetlabs.nl
Fri Jul 27 07:53:53 UTC 2012


Hi,

There is an emergency release for nsd: 3.2.13. It is available here:

www:  http://nlnetlabs.nl/downloads/nsd/nsd-3.2.13.tar.gz
sha1: 2cb44f75e9686fd73c7ee9765857a36a8fe5bca9

NSD 3.2.11 and 3.2.12 are vulnerable to a denial of service attack if
and only if you have enabled per zone stats (--enable-zone-stats,
default off) [VU#517036 CVE-2012-2979].

The 3.2.13 release is fixed and not vulnerable to this attack.
We strongly recommend updating NSD to version 3.2.13.

Alternatively, you can apply a patch to 3.2.11 or 3.2.12:

www:  http://nlnetlabs.nl/downloads/nsd/nsd-3.2.13-vuln.patch
sha1: aa845b1ea27090469ebc96a19d49e6afcd1b1969

Best regards,
  Matthijs


BUG FIXES:
- Fix for nsd-patch segfault if zone has been removed from nsd.conf
  (thanks Ilya Bakulin).
- Bugfix #460: man page correction - identity.
- Bugfix #461: NSD child segfaults when asked for out-of-zone data
  with --enable-zone-stats. [VU#517036 CVE-2012-2979]

== Summary

When a query requests non-authoritative data and you use the new,
experimental per zone statistics feature introduced in NSD 3.2.11, NSD
tries to log the query statistics to a zone reference that is not set.

== Description

It is possible to crash (SIGSEGV) an NSD child server process by sending
it a query for non-authoritative data. A crashed child process will
automatically be restarted by the parent process, but an attacker may
keep the NSD server occupied restarting child processes by sending it
a stream of such packets, effectively preventing the NSD server from
serving.

NSD 3.2.11 and NSD 3.2.12 are vulnerable to this attack, and only if you
have enabled the experimental per zone statistics (--enable-zone-stats).
This is by default disabled.

== Remote Exploit.

The problem packet causes NSD to dereference a null pointer. Most
operating systems map the null pointer's address such that accessing it
causes a segmentation fault, ruling out the possibility of a remote
exploit.

== Acknowledgement

This bug was discovered by Tom Hendrikx, the NSD package maintainer
for Gentoo. Erwin Lansing filed a bug report (#461) for this on July
25th 2012.
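
Added example, not part of the original announcement and not NLnet Labs code: a small POSIX shell helper that checks a downloaded tarball or patch against the SHA-1 values published above and decides whether a given build falls under the advisory. The function names are hypothetical, and the operator is assumed to know whether their build used --enable-zone-stats.

```shell
#!/bin/sh
# Checksums copied from the announcement above.
NSD_TARBALL_SHA1=2cb44f75e9686fd73c7ee9765857a36a8fe5bca9
NSD_PATCH_SHA1=aa845b1ea27090469ebc96a19d49e6afcd1b1969

# Print the SHA-1 of FILE as hex, using whichever tool is installed.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 "$1" | awk '{print $1}'
    else
        openssl dgst -sha1 -r "$1" | awk '{print $1}'
    fi
}

# verify_sha1 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the file is missing.
verify_sha1() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    actual=$(sha1_of "$1" | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ] && return 0
    echo "SHA-1 mismatch for $1: got $actual, expected $expected" >&2
    return 1
}

# nsd_needs_fix VERSION ZONE_STATS
# ZONE_STATS is "yes" if the build was configured with --enable-zone-stats
# (assumption: supplied by the operator from their build options).
# Returns 0 only for the combination the advisory names as vulnerable.
nsd_needs_fix() {
    case "$1" in
        3.2.11|3.2.12) [ "$2" = yes ] ;;
        *) return 1 ;;
    esac
}

# Typical use after downloading:
#   verify_sha1 nsd-3.2.13.tar.gz "$NSD_TARBALL_SHA1" && echo "tarball ok"
#   verify_sha1 nsd-3.2.13-vuln.patch "$NSD_PATCH_SHA1" && echo "patch ok"
#   nsd_needs_fix 3.2.12 yes && echo "upgrade or patch required"
```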
