fkie_nvd - fkie_cve-2009-1755

fkie_cve-2009-1755

Vulnerability from fkie_nvd

Published

2009-05-22 11:52

Modified

2025-04-09 00:30

Severity ?

Summary

Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow.

References

URL	Tags
cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418	Patch
cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420	Patch
cve@mitre.org	http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html	Patch, Vendor Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2009/05/19/1
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418	Patch
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2009/05/19/1

Impacted products

Vendor	Product	Version
nlnetlabs	nsd	2.0.0
nlnetlabs	nsd	2.0.1
nlnetlabs	nsd	2.0.2
nlnetlabs	nsd	2.1.0
nlnetlabs	nsd	2.1.1
nlnetlabs	nsd	2.1.2
nlnetlabs	nsd	2.1.3
nlnetlabs	nsd	2.1.4
nlnetlabs	nsd	2.1.5
nlnetlabs	nsd	2.2.0
nlnetlabs	nsd	2.2.1
nlnetlabs	nsd	2.3.0
nlnetlabs	nsd	2.3.2
nlnetlabs	nsd	2.3.3
nlnetlabs	nsd	2.3.4
nlnetlabs	nsd	2.3.5
nlnetlabs	nsd	2.3.6
nlnetlabs	nsd	2.3.7
nlnetlabs	nsd	3.0.0
nlnetlabs	nsd	3.0.1
nlnetlabs	nsd	3.0.2
nlnetlabs	nsd	3.0.3
nlnetlabs	nsd	3.0.4
nlnetlabs	nsd	3.0.5
nlnetlabs	nsd	3.0.6
nlnetlabs	nsd	3.0.7
nlnetlabs	nsd	3.0.8
nlnetlabs	nsd	3.1.0
nlnetlabs	nsd	3.1.1
nlnetlabs	nsd	3.2.0
nlnetlabs	nsd	3.2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA12233C-34CA-4A3B-AB2C-401829B8DA05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F345D78-50BC-4864-8B53-7B1A1835DBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "87F6182D-40D3-4C1E-BFB3-D40ED196EC19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0327A1-9C84-46B7-860E-D44B5B9D92F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC9FC9E-AE68-4456-84E4-51E9E07958E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81A138F0-65EA-445E-A20B-7D1693CF220F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B07B18F-6812-4081-859C-1F8528B90D6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11EA7531-BBFB-4F37-8A17-F7437F753A1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EDDA911-2FB6-433D-A283-086CF62366F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "452610BB-AD3B-4E11-B5A4-F0EDB01E83BE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C1FD4DE-683C-461F-B9E5-0C6AA44B3AC1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "382C31E7-2975-45D9-8C46-CB9B2F07C6AA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E71B058-E805-421F-BD38-F1A4C626215E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "10037B7D-EF60-455F-9FF1-6550D0E92FC6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC7774E2-D0E8-4909-AF4E-54661D2C0973",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC85A36-702E-4B52-9938-CACEADECD68F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8E0AF8-5E1A-4D74-8942-35C9E2350132",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7104EE-D481-495E-B06E-ADBCC1A6ACA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E347F8C-AB1F-4967-9C85-055214798ECE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DEDA235-5B80-4816-86C5-C83A45878A3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22BC2EBF-9241-4FE1-A730-9F9BB6E2777C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3180CAA2-1518-4750-98DE-F64821297034",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BCFAEA-AC1F-4D3E-B473-A6081D423BEB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA25A60-DD5F-4FE8-A6CC-1695232E3D95",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C326A66B-457E-4130-A214-ED265576F448",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "140464BA-39D7-4B63-92F9-9D6E09CFF6DE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86C924A-6CD8-4D9A-8CFC-E4AD4CC9331E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A818B06C-8798-460D-AE5A-93162CB758A0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3755E217-23CB-42EF-90E8-020D5796226B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F341E55C-DB91-4D7B-91AE-076525C52A1F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "760CF611-A8BF-4E96-9F21-0796FBC8A521",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow."
    },
    {
      "lang": "es",
      "value": "Error de superaci\u00f3n del l\u00edmite en la funci\u00f3n packet_read_query_section en packet.c en nsd v3.2.1, y process_query_section en query.c en nsd v2.3.7, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no espec\u00edficos que provocan el desbordamiento de b\u00fafer.\r\n"
    }
  ],
  "id": "CVE-2009-1755",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-05-22T11:52:40.547",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2009/05/19/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2009/05/19/1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-1755 (GCVE-0-2009-1755)

Vulnerability from cvelistv5

Published

2009-05-22 01:00