FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dns/nsd -- DoS vulnerability from non-standard DNS packet

Affected packages
nsd < 3.2.11_2

Details

VuXML ID ce82bfeb-d276-11e1-92c6-14dae938ec40
Discovery 2012-07-19
Entry 2012-07-20
Modified 2012-07-21

Marek Vavrusa and Lubos Slovak report:

It is possible to crash (SIGSEGV) a NSD child server process by sending it a non-standard DNS packet from any host on the internet. A crashed child process will automatically be restarted by the parent process, but an attacker may keep the NSD server occupied restarting child processes by sending it a stream of such packets effectively preventing the NSD server to serve.

References

CVE Name CVE-2012-2978
FreeBSD PR ports/170024
URL http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt