FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dnrd -- remote buffer and stack overflow vulnerabilities

Affected packages
dnrd < 2.19.1

Details

VuXML ID e72fd82b-fa01-11d9-bc08-0001020eed82
Discovery 2005-07-21
Entry 2005-07-21

Natanael Copa reports that dnrd is vulnerable to a remote buffer overflow and a remote stack overflow. These vulnerabilities can be triggered by sending invalid DNS packets to dnrd.

The buffer overflow could potentially be used to execute arbitrary code with the permissions of the dnrd daemon. Note that dnrd runs in an chroot environment and runs as non-root.

The stack overflow vulnerability can cause dnrd to crash.

References

CVE Name CVE-2005-2315
CVE Name CVE-2005-2316
FreeBSD PR ports/83851