Vigil@nce: NSD, buffer overflow of one byte
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a one-byte buffer overflow in NSD in
order to cause a denial of service.
Severity: 2/4
Consequences: user access/rights, denial of service
Provenance: internet client
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 20/05/2009
IMPACTED PRODUCTS
– Debian Linux
– Fedora
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The NSD program implements an authoritative DNS server.
In a DNS packet, a name is encoded as a sequence of "size fragment"
pairs, ended by a zero byte. For example:
3 www 7 example 3 com 0
The packet_read_query_section() function in packet.c of NSD copies
the name from the received DNS packet to a memory area. However,
the size check does not account for the terminating zero. An
overflow of one byte thus occurs.
An attacker can therefore send a malicious DNS query in order to
stop NSD, and possibly to execute code.
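The size check described above, as an added illustration in C (not NSD's code and not part of the advisory): fits_flawed() leaves the terminating zero out of the comparison, fits_fixed() counts it, and copy_name() copies only when the corrected check passes. The function names and the 255-byte MAXDOMAINLEN buffer are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

#define MAXDOMAINLEN 255  /* assumed buffer size: RFC 1035 name limit, terminator included */

/* Walk the "size fragment" labels; return the bytes they occupy, excluding the
 * final zero, or -1 if the name is truncated or is not a plain label sequence. */
static long label_bytes(const uint8_t *pkt, size_t pkt_len)
{
    size_t off = 0;
    for (;;) {
        if (off >= pkt_len) return -1;          /* ran off the packet */
        uint8_t n = pkt[off];
        if (n == 0) return (long)off;           /* terminating zero reached */
        if (n > 63) return -1;                  /* compression pointer: out of scope here */
        if (n > pkt_len - off - 1) return -1;   /* fragment truncated */
        off += 1 + (size_t)n;
    }
}

/* Flawed check as the advisory describes it: the last zero is not counted. */
int fits_flawed(const uint8_t *pkt, size_t pkt_len, size_t cap)
{
    long n = label_bytes(pkt, pkt_len);
    return n >= 0 && (size_t)n <= cap;
}

/* Corrected check: the copy writes the labels plus one zero byte. */
int fits_fixed(const uint8_t *pkt, size_t pkt_len, size_t cap)
{
    long n = label_bytes(pkt, pkt_len);
    return n >= 0 && (size_t)n + 1 <= cap;
}

/* Copy the name only when the corrected check passes; returns bytes written or -1. */
long copy_name(const uint8_t *pkt, size_t pkt_len, uint8_t *dst, size_t cap)
{
    if (!fits_fixed(pkt, pkt_len, cap)) return -1;
    long n = label_bytes(pkt, pkt_len);
    memcpy(dst, pkt, (size_t)n + 1);            /* labels and terminating zero */
    return n + 1;
}

int main(void)
{
    /* The advisory's example name: 3 www 7 example 3 com 0 */
    const uint8_t www[] = {3,'w','w','w',7,'e','x','a','m','p','l','e',3,'c','o','m',0};
    uint8_t dst[MAXDOMAINLEN];
    return copy_name(www, sizeof www, dst, sizeof dst) == 17 ? 0 : 1;
}
```

The two checks disagree only when the labels fill the buffer exactly, which is the boundary case a regression test for this fix should cover.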
CHARACTERISTICS
Identifiers: CVE-2009-1755, DSA 1803-1, FEDORA-2009-5190,
FEDORA-2009-5191, VIGILANCE-VUL-8722, VU#710316
http://vigilance.fr/vulnerability/NSD-buffer-overflow-of-one-byte-8722