Vulnerability in NSD Name Server Daemon eliminated
A vulnerability in the Name Server Daemon (NSD), a free implementation of a DNS server by NLnet Labs, can be exploited to make DoS attacks. Certain packets can cause a one-byte buffer overflow in packet_read_query_section
in version 3.x and in process_query_section
in version 2.x. The consequence of this overflow is a denial-of-service condition which takes down the name server.
NSD versions 2.0.0 to 3.2.1 are affected. One of the errors has been fixed in version 3.2.2, and there are patches for versions 3.2.1 and 2.3.7.
See also:
- NSD announcement, report by NLnet Labs
- NSD vulnerable to one-byte overflow, report by US-CERT
(djwm)