CVE-2009-1755

Name of the Vulnerable Software and Affected Versions nsd versions 2.3.7 through 3.2.1

Description The issue is related to an off-by-one error in the packet read query section function in packet.c and process query section in query.c, which can lead to a denial of service (crash) and potentially allow the execution of arbitrary code via unspecified vectors that trigger a buffer overflow. Additionally, there are multiple vulnerabilities in the nsd package that can lead to disruption of protected information, and these vulnerabilities can be exploited remotely.

Recommendations For nsd version 2.3.7, consider disabling the process query section function in query.c as a temporary workaround until a patch is available. For nsd version 3.2.1, consider disabling the packet read query section function in packet.c as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.