NSD Announcement

NLnet Labs, NSD development team.
Authored May, 2009
Updated and released May 19, 2009

Summary

On May 6 2009, Ilja van Sprundel of IOActive has reported to NLnet Labs a one-byte buffer overflow in NSD. The problem affects all versions 2.0.0 to 3.2.1. The bug allows a carefully crafted exploit to bring down your DNS server. It is highly unlikely that this specific one byte overflow can lead to other (system) exploits.

Solution

To resolve the issue, update your systems to NSD version 3.2.2 or higher. If you insist in running an older version of NSD, we have published vulnerability patches for versions 3.2.1 and 2.3.7. The patch makes clear what you should change in the source code, if you run a different or modified version of NSD.

Download NSD 3.2.2 (SHA1 checksum: 23fc0be5d447ea852acd49f64743c96403a091fa )
Vulnerability patch for NSD 3.2.1 (SHA1 checksum: 20cb9fc73fae951a9cc25822c48b17ca1d956119 )
Vulnerability patch for NSD 2.3.7 (SHA1 checksum: 94887d212621b458a86ad5b086eec9240477 )

Acknowledgements

We acknowledge and thank Ilja van Sprundel of IOActive for finding and reporting this vulnerability.