Detections
Analytics
NSD packet.c Off-By-One Remote Overflow
medium Nessus Plugin ID 38850
Language:
Synopsis
The DNS server running on the remote host has a remote buffer overflow vulnerability.Description
According to its self-reported version number, the version of NSD running on the remote host has a stack-based buffer overflow vulnerability. This could allow a remote attacker to overwrite one byte in memory, leading to a denial of service. It is possible, but unlikely, that this vulnerability could result in remote code execution.Solution
Upgrade to NSD version 3.2.2 or later, or apply the patch referenced in the vendor's advisory.See Also
http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html
Plugin Details
Severity: Medium
ID: 38850
File Name: nsd_packet_overflow.nasl
Version: Revision: 1.11
Type: remote
Family: DNS
Published: 5/21/2009
Updated: 5/11/2016
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
Required KB Items: Settings/ParanoidReport, nsd/version
Exploit Ease: No known exploits are available
Reference Information
BID: 35029
Secunia: 35165