Date: Tue, 19 May 2009 14:07:09 +0200 From: Nico Golde <oss-security+ml@...lde.de> To: oss-security@...ts.openwall.com Subject: CVE id request: nsd Hi, the nsd name server seems to have an off-by-one which at least opens it up for denial of service. The advisory states that code execution is highly unlikely in this case though I had no time to check this. http://bugs.debian.org/529420 http://bugs.debian.org/529418 Patches: http://www.nlnetlabs.nl/downloads/nsd/nsd-3.2.1-vuln.patch http://www.nlnetlabs.nl/downloads/nsd/nsd-2.3.7-vuln.patch Can I get a CVE id for this please? Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ