Vulnerability Note VU#710316

NSD vulnerable to one-byte overflow

Overview

A vulnerability exists in the way NSD processes certain types of packets that may lead to a one-byte buffer overflow.

I. Description

Name server daemon (NSD) is an open source name server developed by NLnet Labs. NSD contains an off-by-one error that can cause a one-byte buffer overflow when certain packets are processed. The vulnerability exits in the packet_read_query_section() function in packet.c in versions 3.x and in the process_query_section() function in query.c in versions 2.x.

Note that this issue affects NSD versions 2.0.0 through 3.2.1.

II. Impact

A remote, unauthenticated attacker may be able to cause the DNS software to crash resulting in a denial-of-service condition.

III. Solution

Apply patch

NLnet Labs has released NSD version 3.2.2 and patches for versions 3.2.1 and 2.3.7. More information and links to these patches can be found in NLnet Labs NSD Announcement.

Users are encouraged to check with their vendor to determine the appropriate patch or update to apply.

Systems Affected

Vendor	Status	Date Notified	Date Updated
3com, Inc.	Unknown	2009-05-19	2009-05-19
ACCESS	Unknown	2009-05-19	2009-05-19
Alcatel-Lucent	Unknown	2009-05-19	2009-05-19
Apple Computer, Inc.	Not Vulnerable	2009-05-19	2009-05-20
AT&T	Unknown	2009-05-19	2009-05-19
Avaya, Inc.	Unknown	2009-05-19	2009-05-19
Barracuda Networks	Unknown	2009-05-19	2009-05-19
Belkin, Inc.	Unknown	2009-05-19	2009-05-19
Borderware Technologies	Unknown	2009-05-19	2009-05-19
Bro	Unknown	2009-05-19	2009-05-19
Charlotte's Web Networks	Unknown	2009-05-19	2009-05-19
Check Point Software Technologies	Unknown	2009-05-19	2009-05-19
Cisco Systems, Inc.	Unknown	2009-05-19	2009-05-19
Clavister	Unknown	2009-05-19	2009-05-19
Computer Associates	Not Vulnerable	2009-05-19	2009-05-22
Computer Associates eTrust Security Management	Not Vulnerable	2009-05-19	2009-05-22
Conectiva Inc.	Unknown	2009-05-19	2009-05-19
Cray Inc.	Not Vulnerable	2009-05-19	2009-05-20
Debian GNU/Linux	Vulnerable	2009-05-19	2009-05-20
DragonFly BSD Project	Unknown	2009-05-19	2009-05-19
EMC Corporation	Unknown	2009-05-19	2009-05-19
Engarde Secure Linux	Unknown	2009-05-19	2009-05-19
Enterasys Networks	Unknown	2009-05-19	2009-05-19
Ericsson	Not Vulnerable	2009-05-19	2009-05-20
eSoft, Inc.	Unknown	2009-05-19	2009-05-19
Extreme Networks	Not Vulnerable	2009-05-19	2009-05-22
F5 Networks, Inc.	Unknown	2009-05-19	2009-05-19
Fedora Project	Unknown	2009-05-19	2009-05-19
Force10 Networks, Inc.	Unknown	2009-05-19	2009-05-19
Fortinet, Inc.	Unknown	2009-05-19	2009-05-19
Foundry Networks, Inc.	Unknown	2009-05-19	2009-05-19
FreeBSD, Inc.	Unknown	2009-05-19	2009-05-19
Gentoo Linux	Not Vulnerable	2009-05-19	2009-05-22
Global Technology Associates	Unknown	2009-05-19	2009-05-19
Hewlett-Packard Company	Unknown	2009-05-19	2009-05-19
Hitachi	Unknown	2009-05-19	2009-05-19
IBM Corporation	Unknown	2009-05-19	2009-05-19
IBM eServer	Unknown	2009-05-19	2009-05-19
Internet Security Systems, Inc.	Unknown	2009-05-19	2009-05-19
Intoto	Unknown	2009-05-19	2009-05-19
IP Filter	Unknown	2009-05-19	2009-05-19
Juniper Networks, Inc.	Unknown	2009-05-19	2009-05-19
Luminous Networks	Unknown	2009-05-19	2009-05-19
m0n0wall	Unknown	2009-05-19	2009-05-19
Mandriva S. A.	Unknown	2009-05-19	2009-05-19
McAfee	Unknown	2009-05-19	2009-05-19
MontaVista Software, Inc.	Unknown	2009-05-19	2009-05-19
Multitech, Inc.	Unknown	2009-05-19	2009-05-19
NEC Corporation	Unknown	2009-05-19	2009-05-19
NetApp	Unknown	2009-05-19	2009-05-19
NetBSD	Unknown	2009-05-19	2009-05-19
netfilter	Unknown	2009-05-19	2009-05-19
NLnet Labs	Unknown	2009-05-28	2009-05-28
Nokia	Unknown	2009-05-19	2009-05-19
Nortel Networks, Inc.	Unknown	2009-05-19	2009-05-19
Novell, Inc.	Unknown	2009-05-19	2009-05-19
OpenBSD	Unknown	2009-05-19	2009-05-19
Openwall GNU/*/Linux	Unknown	2009-05-19	2009-05-19
PePLink	Not Vulnerable	2009-05-19	2009-05-20
Process Software	Unknown	2009-05-19	2009-05-19
Q1 Labs	Not Vulnerable	2009-05-19	2009-06-01
QNX, Software Systems, Inc.	Unknown	2009-05-19	2009-05-19
Quagga	Unknown	2009-05-19	2009-05-19
RadWare, Inc.	Unknown	2009-05-19	2009-05-19
Red Hat, Inc.	Not Vulnerable	2009-05-19	2009-05-20
Redback Networks, Inc.	Unknown	2009-05-19	2009-05-19
SafeNet	Not Vulnerable	2009-05-19	2009-05-22
Secureworx, Inc.	Unknown	2009-05-19	2009-05-19
Silicon Graphics, Inc.	Unknown	2009-05-19	2009-05-19
Slackware Linux Inc.	Unknown	2009-05-19	2009-05-19
SmoothWall	Unknown	2009-05-19	2009-05-19
Snort	Unknown	2009-05-19	2009-05-19
Soapstone Networks	Unknown	2009-05-19	2009-05-19
Sony Corporation	Unknown	2009-05-19	2009-05-19
Sourcefire	Unknown	2009-05-19	2009-05-19
Stonesoft	Unknown	2009-05-19	2009-05-19
Sun Microsystems, Inc.	Not Vulnerable	2009-05-19	2009-05-20
SUSE Linux	Unknown	2009-05-19	2009-05-19
Symantec	Unknown	2009-05-19	2009-05-19
The SCO Group	Not Vulnerable	2009-05-19	2009-05-20
TippingPoint, Technologies, Inc.	Unknown	2009-05-19	2009-05-19
Turbolinux	Unknown	2009-05-19	2009-05-19
U4EA Technologies, Inc.	Unknown	2009-05-19	2009-05-19
Ubuntu	Unknown	2009-05-19	2009-05-19
Unisys	Unknown	2009-05-19	2009-05-19
Vyatta	Unknown	2009-05-19	2009-05-19
Watchguard Technologies, Inc.	Unknown	2009-05-19	2009-05-19
Wind River Systems, Inc.	Unknown	2009-05-19	2009-05-19
ZyXEL	Unknown	2009-05-19	2009-05-19

References

http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html

Credit

This issue was reported in NLnet Labs NSD Announcement.

This document was written by Chris Taschner.

Other Information

Date Public:	2009-05-18
Date First Published:	2009-05-20
Date Last Updated:	2009-06-01
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	8.40
Document Revision:	10