ports/170024: [PATCH] [SECURITY] dns/nsd vulnerable to DoS attack
Chris Rees
crees at bayofrum.net
Fri Jul 20 14:40:11 UTC 2012
>Number: 170024
>Category: ports
>Synopsis: [PATCH] [SECURITY] dns/nsd vulnerable to DoS attack
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 20 14:40:10 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Chris Rees
>Release: FreeBSD 9.0-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD pegasus.bayofrum.net 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Sun Apr 29 12:29:02 BST 2012 root at pegasus.bayofrum.net:/usr/obj/usr/src/sys/PEGASUS amd64
>Description:
http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt
This patch incorporates the fix as a temporary solution until the next update of this port.
>How-To-Repeat:
>Fix:
--- nsd-2012-2978.diff begins here ---
Index: files/patch-query.c
===================================================================
--- files/patch-query.c (revision 0)
+++ files/patch-query.c (working copy)
@@ -0,0 +1,20 @@
+This text is on http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt
+
+Subject: NSD denial of service vulnerability from non-standard DNS packet
+ from any host on the internet. [ VU#624931 CVE-2012-2978 ]
+
+== Patch
+
+--- query.c (revision 3609)
++++ query.c (working copy)
+@@ -1379,6 +1379,9 @@
+ edns = &nsd->edns_ipv6;
+ }
+ #endif
++ if (RCODE(q->packet) == RCODE_FORMAT) {
++ return;
++ }
+ switch (q->edns.status) {
+ case EDNS_NOT_PRESENT:
+ break;
+
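Review bot: The inner diff carried in files/patch-query.c is taken against upstream query.c revision 3609, not against the 3.2.11 distfile named by PORTVERSION, so the `@@ -1379,6 +1379,9 @@` offsets may not line up; confirm that `make patch` applies it cleanly and without fuzz. The added early return on `RCODE(q->packet) == RCODE_FORMAT` also has no comment. A one-line comment saying that format-error replies skip the EDNS handling in the `switch (q->edns.status)` that follows, with a reference to CVE-2012-2978, would help whoever drops this patch at the next port update.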
Index: Makefile
===================================================================
--- Makefile (revision 301225)
+++ Makefile (working copy)
@@ -7,7 +7,7 @@
PORTNAME= nsd
PORTVERSION= 3.2.11
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= dns ipv6
MASTER_SITES= http://www.nlnetlabs.nl/downloads/nsd/ \
ftp://ftp.rhnet.is/pub/nsd/
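Review bot: The PORTREVISION bump from 1 to 2 is the only Makefile change, and the diff touches nothing besides Makefile and files/patch-query.c, so no security/vuxml entry for CVE-2012-2978 accompanies it. Without one, installations still at 3.2.11_1 will not be flagged as vulnerable by audit tooling; consider adding the entry in the same commit, with versions before 3.2.11_2 marked as affected.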
--- nsd-2012-2978.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: