CINXE.COM

NLnet Labs - NSD - Security Advisories

<!DOCTYPE html> <html lang="en"> <head> <title>NLnet Labs - NSD - Security Advisories </title> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- Favicons START --> <link rel="shortcut icon" href="/extra/favicons/favicon.ico" /> <link rel="icon" type="image/x-icon" href="/extra/favicons/favicon.ico" /> <link rel="apple-touch-icon" sizes="180x180" href="/extra/favicons/Mark-NLnet-Labs-180px.png" /> <link rel="icon" type="image/png" href="/extra/favicons/favicon-196x196.png" sizes="196x196" /> <!-- Favicons END --> <meta name="description" content="We take security very seriously. If you have found a security issue in NSD, please submit a security report. Local symlink attack Date:2020-12-01 CVE:CVE-2020-28935 Credit:Mason Loring Bliss Affects:NSD 4.3.3 and earlier versions Not affected:NSD 4.3.4 and later Severity:Low Impact:Denial …" /> <meta name="keywords" content="NLnet Labs, NLnetLabs, Open Netlabs, OpenNetlabs, DNS, DNSSEC, name server, nameserver, resolver, Unbound, NSD, OpenDNSSEC, LDNS, getDNS, infosec, open source, Krill, Routinator, RPKI, BGPSEC, ROA" /> <!-- facebook open graph tags --> <meta property="og:site_name" content="NLnet Labs" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://nlnetlabs.nl/projects/nsd/security-advisories/" /> <meta property="og:title" content="NSD - Security Advisories" /> <meta property="og:image" content="https://nlnetlabs.nl/static/logos/NLnetLabs/Mark_NLnet_Labs.png" /> <meta property="og:description" content="We take security very seriously. If you have found a security issue in NSD, please submit a security report. Local symlink attack Date:2020-12-01 CVE:CVE-2020-28935 Credit:Mason Loring Bliss Affects:NSD 4.3.3 and earlier versions Not affected:NSD 4.3.4 and later Severity:Low Impact:Denial …" /> <!-- twitter card tags additive with the og: tags --> <meta name="twitter:card" content="summary"> <meta name="twitter:url" content="https://nlnetlabs.nl/projects/nsd/security-advisories/"> <meta name="twitter:title" content="NSD - Security Advisories"> <meta name="twitter:description" content="We take security very seriously. If you have found a security issue in NSD, please submit a security report. Local symlink attack Date:2020-12-01 CVE:CVE-2020-28935 Credit:Mason Loring Bliss Affects:NSD 4.3.3 and earlier versions Not affected:NSD 4.3.4 and later Severity:Low Impact:Denial …"> <meta name="twitter:site" content="@nlnetlabs"> <meta name="twitter:domain" content="nlnetlabs.nl"> <meta name="twitter:image:src" content="https://nlnetlabs.nl/static/logos/NLnetLabs/Mark_NLnet_Labs.png"> <meta name="twitter:creator" content="@nlnetlabs"><link rel="stylesheet" href="https://use.typekit.net/cxt3dey.css"> <link rel="stylesheet" href="/theme/css/custom.css" /> <link href="https://use.fontawesome.com/releases/v5.0.11/css/all.css" rel="stylesheet"> <script defer src="https://use.fontawesome.com/releases/v5.0.11/js/all.js"></script> <link href="https://nlnetlabs.nl/feeds/all.atom.xml" type="application/atom+xml" rel="alternate" title="NLnet Labs Atom Feed" /> <link href="https://nlnetlabs.nl/feeds/all.rss.xml" type="application/rss+xml" rel="alternate" title="NLnet Labs RSS Feed" /> </head> <body class="ie11-no-flex "> <header id="banner" class=""> <nav class="navbar navbar-expand-md navbar-light border-bottom box-shadow"> <a class="navbar-brand" href="/"> <img src="/static/logos/NLnetLabs/Logo_NLnet_Labs_cropped.svg" width="200" class="d-inline-block align-center img-fluid" alt="Home"> <span class="sr-only">NLnet Labs</span> </a> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarNavAltMarkup" aria-controls="navbarNavAltMarkup" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarNavAltMarkup"> <div class="navbar-nav"> <div class="nav-item dropdown"> <a class="nav-item nav-link dropdown-toggle" href="#" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Software</a> <div class="dropdown-menu"> <div class="sub-title">DNS</div> <a class="dropdown-item " href="/projects/unbound/about/" > Unbound </a> <a class="dropdown-item " href="/projects/nsd/about/" > NSD </a> <a class="dropdown-item external-link" href="https://www.opendnssec.org" target="_blank"> OpenDNSSEC </a> <a class="dropdown-item " href="/projects/ldns/about/" > ldns </a> <a class="dropdown-item " href="/projects/domain/about/" > domain </a> <div class="sub-title">Routing</div> <a class="dropdown-item " href="/projects/routing/krill/" > Krill </a> <a class="dropdown-item " href="/projects/routing/routinator/" > Routinator </a> <a class="dropdown-item " href="/projects/routing/rtrtr/" > RTRTR </a> <a class="dropdown-item " href="/projects/routing/rotonda/" > Rotonda </a> </div> </div> <div class="nav-item dropdown"> <a class="nav-item nav-link dropdown-toggle" href="#" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Support</a> <div class="dropdown-menu"> <a class="dropdown-item " href="/support/software-support-policy/" > Support Policy </a> <a class="dropdown-item " href="/support/mailing-lists/" > Mailing Lists </a> <a class="dropdown-item " href="/support/security-advisories/" > Security Advisories </a> <div class="dropdown-divider"></div> <a class="dropdown-item " href="/services/contracts/" > Support Contracts </a> <a class="dropdown-item " href="/services/consultancy/" > Consultancy </a> </div> </div> <div class="nav-item dropdown"> <a class="nav-item nav-link dropdown-toggle" href="#" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Documentation</a> <div class="dropdown-menu"> <div class="sub-title">DNS</div> <a class="dropdown-item external-link" href="https://unbound.docs.nlnetlabs.nl/" target="_blank"> Unbound </a> <a class="dropdown-item external-link" href="https://nsd.docs.nlnetlabs.nl/" target="_blank"> NSD </a> <a class="dropdown-item " href="/documentation/ldns/" > ldns </a> <div class="sub-title">Routing</div> <a class="dropdown-item external-link" href="https://krill.docs.nlnetlabs.nl/" target="_blank"> Krill </a> <a class="dropdown-item external-link" href="https://routinator.docs.nlnetlabs.nl/" target="_blank"> Routinator </a> <a class="dropdown-item external-link" href="https://rtrtr.docs.nlnetlabs.nl/" target="_blank"> RTRTR </a> <a class="dropdown-item external-link" href="https://rotonda.docs.nlnetlabs.nl/" target="_blank"> Rotonda </a> </div> </div> <div class="nav-item dropdown"> <a class="nav-item nav-link dropdown-toggle" href="#" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Community</a> <div class="dropdown-menu"> <a class="dropdown-item " href="/community/IETF" > Standardisation </a> <a class="dropdown-item " href="/community/operations" > Operations </a> <a class="dropdown-item " href="/community/policy" > Policy </a> <a class="dropdown-item " href="/community/presentations" > Presentations </a> <a class="dropdown-item " href="/community/publications" > Publications </a> </div> </div> <div class="nav-item dropdown"> <a class="nav-item nav-link dropdown-toggle" href="#" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Research</a> <div class="dropdown-menu"> <a class="dropdown-item " href="/research/about/" > Research Vision </a> <a class="dropdown-item " href="/research/projects/" > Projects </a> <a class="dropdown-item " href="/research/collaborations/" > Collaborations </a> <a class="dropdown-item " href="/research/publications/" > Publications </a> <a class="dropdown-item " href="/research/student-projects" > Student Projects </a> <a class="dropdown-item " href="/research/other/" > Other Activities </a> </div> </div> <a class="nav-item nav-link " href="/about/" > About </a> <a class="nav-item nav-link " href="/sponsors/" > Sponsors </a> <a class="nav-item nav-link external-link" href="https://blog.nlnetlabs.nl/" target="_blank"> Blog </a> </div> <a href="/funding/" class="d-md-none donate-button">Support Us</a> </div> <a href="/funding/" class="d-none d-md-inline-block donate-button">Support Us</a> </nav> </header> <div class="container p-3 mt-3"> <div class="row "> <section id="content" class="col main-content"> <div class="m-0 p-0 mb-3"> <h1><small class="font-weight-bold">NSD</small></h1> <ul class="list-inline"> <li class="list-inline-item"> <a href="/projects/nsd/about/">About</a> </li> <li class="list-inline-item"> <a href="/projects/nsd/download/">Download</a> </li> <li class="list-inline-item"> <a href="/projects/nsd/support/">Support</a> </li> <li class="list-inline-item"> <a href="/projects/nsd/rfc-compliance/">RFC Compliance</a> </li> <li class="list-inline-item"> Security Advisories </li> </ul> <div class="border border-black page-title-underbar"></div> </div> <p class="lead">We take security very seriously. If you have found a security issue in NSD, please <a class="reference external" href="/security-report/">submit a security report</a>.</p> <hr class="docutils"/> <div class="section" id="local-symlink-attack"> <h2>Local symlink attack</h2> <table class="docutils field-list" frame="void" rules="none"> <col class="field-name"/> <col class="field-body"/> <tbody> <tr class="field"><th class="field-name">Date:</th><td class="field-body">2020-12-01</td> </tr> <tr class="field"><th class="field-name">CVE:</th><td class="field-body"><a class="reference external" href="/downloads/nsd/CVE-2020-28935.txt">CVE-2020-28935</a></td> </tr> <tr class="field"><th class="field-name">Credit:</th><td class="field-body">Mason Loring Bliss</td> </tr> <tr class="field"><th class="field-name">Affects:</th><td class="field-body">NSD 4.3.3 and earlier versions</td> </tr> <tr class="field"><th class="field-name">Not affected:</th><td class="field-body">NSD 4.3.4 and later</td> </tr> <tr class="field"><th class="field-name">Severity:</th><td class="field-body">Low</td> </tr> <tr class="field"><th class="field-name">Impact:</th><td class="field-body">Denial of Service</td> </tr> <tr class="field"><th class="field-name">Solution:</th><td class="field-body">Upgrade to NSD 4.3.4 or newer</td> </tr> </tbody> </table> <p>NSD when writing and later chown'ing the PID file would not check if an existing file was a symlink. This is a local vulnerability that could create a Denial of Service of the system NSD is running on. It requires an attacker having access to the limited permission user NSD runs as and point through the symlink to a critical file on the system.</p> <p><a class="reference external" href="/projects/nsd/download/#nsd-4-3-4">NSD 4.3.4</a> contains a patch. If you cannot upgrade you can also apply <a class="reference external" href="/downloads/nsd/patch_cve-2020-28935_nsd.diff">the patch</a> manually. To do this, apply the patch on the NSD source directory with <tt class="docutils literal">patch <span class="pre">-p1</span> &lt; <span class="pre">patch_cve-2020-28935_nsd.diff</span></tt> and then run <tt class="docutils literal">make install</tt> to install NSD.</p> </div> <hr class="docutils"/> <div class="section" id="nsd-time-sensitive-tsig-compare-vulnerability"> <h2>NSD time sensitive TSIG compare vulnerability</h2> <table class="docutils field-list" frame="void" rules="none"> <col class="field-name"/> <col class="field-body"/> <tbody> <tr class="field"><th class="field-name">Date:</th><td class="field-body">2018-07-30</td> </tr> <tr class="field"><th class="field-name">Credit:</th><td class="field-body">Ondrej Sury (ISC)</td> </tr> <tr class="field"><th class="field-name">Affects:</th><td class="field-body">NSD 4.1.22 and earlier versions</td> </tr> <tr class="field"><th class="field-name">Not affected:</th><td class="field-body">NSD 4.1.23 and later</td> </tr> <tr class="field"><th class="field-name">Severity:</th><td class="field-body">Low</td> </tr> <tr class="field"><th class="field-name">Impact:</th><td class="field-body">Potential key leakage</td> </tr> <tr class="field"><th class="field-name">Solution:</th><td class="field-body">Upgrade to NSD 4.1.23 or newer</td> </tr> </tbody> </table> <p>NSD uses TSIG to protect zone transfers. The TSIG code uses a secret key to protect the data. The secret key is shared with both sides of the zone transfer connection. The comparison code in NSD was not time insensitive, causing the potential for an attacker to use timing information to discover data about the key contents.</p> </div> <hr class="docutils"/> <div class="section" id="denial-of-service-via-a-zone-transfer-with-unlimited-data"> <h2>Denial of service via a zone transfer with unlimited data</h2> <table class="docutils field-list" frame="void" rules="none"> <col class="field-name"/> <col class="field-body"/> <tbody> <tr class="field"><th class="field-name">Date:</th><td class="field-body">2016-07-06</td> </tr> <tr class="field"><th class="field-name">CVE:</th><td class="field-body"><a class="reference external" href="https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790">CVE-2016-6173</a></td> </tr> <tr class="field"><th class="field-name">Credit:</th><td class="field-body">Toshifumi Sakaguchi</td> </tr> <tr class="field"><th class="field-name">Affects:</th><td class="field-body">NSD 4.1.10 and earlier versions</td> </tr> <tr class="field"><th class="field-name">Not affected:</th><td class="field-body">Other versions</td> </tr> <tr class="field"><th class="field-name">Severity:</th><td class="field-body">Medium</td> </tr> <tr class="field"><th class="field-name">Impact:</th><td class="field-body">Denial of Service</td> </tr> <tr class="field"><th class="field-name">Solution:</th><td class="field-body">Upgrade to NSD 4.1.11 or newer</td> </tr> </tbody> </table> <p>NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. <tt class="docutils literal"><span class="pre">size-limit-xfr</span></tt> was implemented in NSD 4.1.11 to stop it from downloading infinite zone transfer data size.</p> </div> </section> <aside class="sidepanel"> <div class="sticky"> <div class="section" id="logo"> <p><img alt="NSD logo" class="visible-on-sidebar" src="https://nlnetlabs.nl/static/logos/NSD/NSD_FC_Shaded_cropped.svg" style="height: 60px;"></p> </div> <div class="section" id="most-recent-version"> <h2>Most Recent Version</h2> <p><a href="/downloads/nsd/nsd-4.11.1.tar.gz">NSD 4.11.1</a> (.tar.gz)</p> </div> <div class="section" id="change-log"> <h2>Change Log</h2> <p><a href="https://github.com/NLnetLabs/nsd/blob/NSD_4_11_1_REL/doc/ChangeLog">NSD 4.11.1</a></p> </div> <div class="section" id="documentation"> <h2>Documentation</h2> <p><a href="https://nsd.docs.nlnetlabs.nl/">User Guide</a><br> <a href="/documentation/nsd/">Manual pages</a></p> </div> <div class="section" id="source-code"> <h2>Source Code</h2> <p><a href="https://github.com/NLnetLabs/nsd">Browse GitHub Repository</a></p> </div> <div class="section" id="mailing-list"> <h2>Mailing List</h2> <p><a href="https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users">nsd-users</a></p> </div> <div class="section" id="bug-reporting"> <h2>Bug Reporting</h2> <p><a href="https://github.com/NLnetLabs/nsd/issues">GitHub issues</a></p> </div> <div class="section" id="sponsor"> <iframe src="https://github.com/sponsors/NLnetLabs/button" title="Sponsor NLnetLabs" height="35" width="116" style="border: 0;"></iframe> </div> </div> </aside> </div> </div> <footer id="footer" class="mt-auto pt-3 pb-1 bg-black text-white border-top border-primary"> <div class="container"> <div class="row"> <div class="col-12 col-sm-10 mb-3"> <div class="container-fluid"> <div class="row"> <div class="col sr-only"><h2>Further navigation</h2></div> <div class="d-md-none col-12"> <nav> <ul class="list-inline"> <li class="list-inline-item"><a href="/news/" >News</a> </li> <li class="list-inline-item"><a href="/people/" >People</a> </li> <li class="list-inline-item"><a href="/careers/culture/" >Careers</a> </li> <li class="list-inline-item"><a href="/organisation/" >Our Organisation</a> </li> <li class="list-inline-item"><a href="/conduct/" >Code of Conduct</a> </li> <li class="list-inline-item"><a href="/privacy-and-cookie-statement/" >Privacy Statement</a> </li> <li class="list-inline-item"><a href="/security-report/" >Submit Security Report</a> </li> </ul> </nav> </div> <div class="d-none d-md-block col-12 col-md-3"> <nav> <ul class="list-unstyled"> <li><a href="/news/" >News</a></li> <li><a href="/people/" >People</a></li> <li><a href="/careers/culture/" >Careers</a></li> <li><a href="/organisation/" >Our Organisation</a></li> <li><a href="/conduct/" >Code of Conduct</a></li> <li><a href="/privacy-and-cookie-statement/" >Privacy Statement</a></li> <li><a href="/security-report/" >Submit Security Report</a></li> </ul> </nav> </div> <div class="col-12 col-md-3 mb-3 pt-1"> <a title="masdoton" rel="me" href="https://fosstodon.org/@nlnetlabs" aria-label="mastodon"><span class="fab fa-mastodon fa-2x"></span></a> <a title="github" href="https://github.com/NLnetLabs" aria-label="github"><span class="fab fa-github fa-2x"></span></a> <a title="docker" href="https://hub.docker.com/u/nlnetlabs/" aria-label="docker"><span class="fab fa-docker fa-2x"></span></a> <a title="linkedin" href="https://www.linkedin.com/company/92855/" aria-label="linkedin"><span class="fab fa-linkedin fa-2x"></span></a> </div> <div class="col-12 col-md-6"> <address> Stichting NLnet Labs <br /> Science Park 400, 1098 XH Amsterdam, The Netherlands </address> <p> General contact address: <a href="mailto:labs@nlnetlabs.nl">labs@nlnetlabs.nl</a> <br /> For product support please use our <a href="/support/mailing-lists/">mailing lists.</a> </p> <p> NLnet Labs is a non-profit Public Benefit Organisation (<i>Algemeen Nut Beogende Instelling</i> or ANBI). </p> </div> <div class="w-100"></div> <div class="col offset-md-6"> &copy;&nbsp;2025&nbsp;Stichting NLnet Labs </div> </div> </div> </div> <div class="to-the-top"> <a href="#"><img src="/static/icons/go_to_the_top.png" height="60" alt="go to the top"></a> </div> </div> </div> </footer> <script src="/theme/js/jquery-3.2.1.min.js"></script> <script src="/theme/js/bootstrap.min.js"></script> <script src="/static/js/analytics.js"></script> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10