In association with heise online

25 May 2009, 10:22

Vulnerability in NSD Name Server Daemon eliminated

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A vulnerability in the Name Server Daemon (NSD), a free implementation of a DNS server by NLnet Labs, can be exploited to make DoS attacks. Certain packets can cause a one-byte buffer overflow in packet_read_query_section in version 3.x and in process_query_section in version 2.x. The consequence of this overflow is a denial-of-service condition which takes down the name server.

NSD versions 2.0.0 to 3.2.1 are affected. One of the errors has been fixed in version 3.2.2, and there are patches for versions 3.2.1 and 2.3.7.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit