Bug 790 - A master can kill a NSD slave with infinite zones
A master can kill a NSD slave with infinite zones
Product: NSD
Classification: Unclassified
Component: NSD Code
All Linux
: P5 normal
Assigned To: NSD team
Depends on:
  Show dependency treegraph
Reported: 2016-07-05 08:59 CEST by Stéphane Bortzmeyer
Modified: 2016-07-06 16:30 CEST (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Stéphane Bortzmeyer 2016-07-05 08:59:12 CEST
There has been a public report http://dnsops.jp/event20160624.html https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html that a rogue master can kill a NSD slave by sending  unlimited zone data during a zone transfer. With NSD, /tmp becomes full.

A tool to implement the attack is https://github.com/sischkg/xfer-limit It also includes a proposed patch to NSD.
Comment 1 Wouter Wijngaards 2016-07-05 15:04:30 CEST
Hi Stephane,

Thank you for the bug entry, I had not spotted this yet!

Applied the patch (I think it is from Toshifumi Sakaguchi (sischkg on github)).  (added small fixes and documentation to it).

I cannot think of a good default value for it, so I'll leave that at the suggested 0 (unlimited).

Best regards, Wouter
Comment 2 Stéphane Bortzmeyer 2016-07-06 16:30:56 CEST
For the record, this is apparently CVE-2016-6173