dns/nsd -- DoS vulnerability from non-standard DNS packet

ID CE82BFEB-D276-11E1-92C6-14DAE938EC40
Type freebsd
Reporter FreeBSD
Modified 2012-07-21T00:00:00


Marek Vavrusa and Lubos Slovak report:

It is possible to crash (SIGSEGV) an NSD child server process by sending it a non-standard DNS packet from any host on the internet. A crashed child process will automatically be restarted by the parent process, but an attacker may keep the NSD server occupied restarting child processes by sending it a stream of such packets, effectively preventing the NSD server from serving.