Debian Security Advisory
DSA-2515-1 nsd3 -- null pointer dereference
- Date Reported:
- 19 Jul 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-2978.
- More information:
Marek Vavruša and Lubos Slovak discovered that NSD, an authoritative domain name server, is not properly handling non-standard DNS packets. This can result in a NULL pointer dereference and crash the handling process. A remote attacker can abuse this flaw to perform denial of service attacks.
For the stable distribution (squeeze), this problem has been fixed in version 3.2.5-1.squeeze2.
For the testing distribution (wheezy), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 3.2.12-1.
We recommend that you upgrade your nsd3 packages.