Security Information / 2012 / Security Information -- DSA-2515-1 nsd3

Debian Security Advisory

DSA-2515-1 nsd3 -- null pointer dereference

Date Reported:

19 Jul 2012

Affected Packages:

nsd3

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-2978.

More information:

Marek Vavruša and Lubos Slovak discovered that NSD, an authoritative domain name server, is not properly handling non-standard DNS packets. This can result in a NULL pointer dereference and crash the handling process. A remote attacker can abuse this flaw to perform denial of service attacks.

For the stable distribution (squeeze), this problem has been fixed in version 3.2.5-1.squeeze2.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 3.2.12-1.

We recommend that you upgrade your nsd3 packages.