Date: Fri, 20 Jul 2012 15:25:41 +0100 (BST) From: Chris Rees <crees@bayofrum.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/170024: [PATCH] [SECURITY] dns/nsd vulnerable to DoS attack Message-ID: <20120720142541.C4B7911B3A@pegasus.bayofrum.net> Resent-Message-ID: <201207201440.q6KEeAdl072661@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 170024 >Category: ports >Synopsis: [PATCH] [SECURITY] dns/nsd vulnerable to DoS attack >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Jul 20 14:40:10 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Chris Rees >Release: FreeBSD 9.0-RELEASE amd64 >Organization: >Environment: System: FreeBSD pegasus.bayofrum.net 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Sun Apr 29 12:29:02 BST 2012 root@pegasus.bayofrum.net:/usr/obj/usr/src/sys/PEGASUS amd64 >Description: http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt This patch incorporates the fix as a temporary solution until the next update of this port. >How-To-Repeat: >Fix: --- nsd-2012-2978.diff begins here --- Index: files/patch-query.c =================================================================== --- files/patch-query.c (revision 0) +++ files/patch-query.c (working copy) @@ -0,0 +1,20 @@ +This text is on http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt + +Subject: NSD denial of service vulnerability from non-standard DNS packet + from any host on the internet. [ VU#624931 CVE-2012-2978 ] + +== Patch + +--- query.c (revision 3609) ++++ query.c (working copy) +@@ -1379,6 +1379,9 @@ + edns = &nsd->edns_ipv6; + } + #endif ++ if (RCODE(q->packet) == RCODE_FORMAT) { ++ return; ++ } + switch (q->edns.status) { + case EDNS_NOT_PRESENT: + break; + Index: Makefile =================================================================== --- Makefile (revision 301225) +++ Makefile (working copy) @@ -7,7 +7,7 @@ PORTNAME= nsd PORTVERSION= 3.2.11 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= dns ipv6 MASTER_SITES= http://www.nlnetlabs.nl/downloads/nsd/ \ ftp://ftp.rhnet.is/pub/nsd/ --- nsd-2012-2978.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120720142541.C4B7911B3A>