By default djbdns has a size-limited UDP response buffer. If the UDP response overflows this buffer it's treated as "no response received", resulting in a denial of service.

Options are:
1. Increase the default response buffer size (limited fix).
2. Dynamically increase the buffer size (multiple back and forth to find the right buffer size).
3. Fall back to TCP.

Patch to follow.

One could argue this is a "denial of service" security issue, but I don't think this is of such a nature that public disclosure isn't responsible, therefore I'm disclosing it here - it definitely doesn't cause the process to deadlock/stop. Not sure if DJB would consider this a security issue, although this is present in his original code (https://cr.yp.to/djbdns/guarantee.html specifically excludes denial-of-service attacks).

Reproducible: Always
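The failure mode and the third option from the report, as an added loopback demonstration (this is example code written for this page, not djbdns code and not the Gentoo patch). Assumptions: the client's fixed receive buffer is 512 bytes (the report only says "size-limited"); the UDP and TCP "authority" servers are constructed stand-ins, one that sends an oversized datagram as-is and one that truncates and sets TC; the name big.example and the 40 A records are constructed. resolve_original treats an overflowing datagram as no response, which is the behaviour the report describes; resolve_tcp_fallback detects the overflow (or the TC bit) and repeats the query over TCP.

```python
import socket
import struct
import threading

UDP_BUF = 512        # assumed fixed client receive buffer (the bug report gives no number)
TIMEOUT = 2.0
TC_BIT = 0x0200
QNAME = "big.example."   # constructed name; 40 A records give a 669-byte response


def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qid, name):
    # header: id, flags (RD), qdcount=1, ancount, nscount, arcount; then one A/IN question
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)


def build_response(query, n_records, max_size=None):
    """Answer QUERY with N_RECORDS A records (constructed 10.0.x.y addresses).
    With MAX_SIZE set, behave like a well-behaved server: if the full answer does
    not fit, send the question only and set TC.  Without it, send the datagram as-is."""
    qid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    answers = b"".join(struct.pack("!HHHIH4B", 0xC00C, 1, 1, 300, 4, 10, 0, i >> 8, i & 0xFF)
                       for i in range(n_records))
    full = struct.pack("!HHHHHH", qid, 0x8180, 1, n_records, 0, 0) + question + answers
    if max_size is not None and len(full) > max_size:
        return struct.pack("!HHHHHH", qid, 0x8180 | TC_BIT, 1, 0, 0, 0) + question
    return full


def recv_exact(conn, n):
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("short read")
        buf += chunk
    return buf


def serve_once(udp, tcp, n_records, udp_max):
    """Constructed stand-in authority: one UDP answer, then optionally one TCP answer."""
    udp.settimeout(TIMEOUT)
    try:
        data, addr = udp.recvfrom(4096)
    except socket.timeout:
        return
    udp.sendto(build_response(data, n_records, udp_max), addr)
    tcp.settimeout(0.5)            # the original client never connects; give up quietly
    try:
        conn, _ = tcp.accept()
    except socket.timeout:
        return
    with conn:
        (length,) = struct.unpack("!H", recv_exact(conn, 2))
        query = recv_exact(conn, length)
        resp = build_response(query, n_records)          # TCP carries the full answer
        conn.sendall(struct.pack("!H", len(resp)) + resp)


def udp_query(query, addr):
    """Send over UDP and receive into the fixed buffer; return (datagram, overflowed).
    Asking the kernel for UDP_BUF+1 bytes (and checking MSG_TRUNC where the platform
    sets it) is how the client learns that the datagram did not fit."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(TIMEOUT)
        s.sendto(query, addr)
        data, _anc, flags, _src = s.recvmsg(UDP_BUF + 1)
    overflowed = len(data) > UDP_BUF or bool(flags & getattr(socket, "MSG_TRUNC", 0))
    return data[:UDP_BUF], overflowed


def tcp_query(query, addr):
    with socket.create_connection(addr, timeout=TIMEOUT) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return recv_exact(s, length)


def resolve_original(query, udp_addr, tcp_addr):
    """Reported behaviour: an overflowing datagram counts as no response at all."""
    data, overflowed = udp_query(query, udp_addr)
    return None if overflowed else data


def resolve_tcp_fallback(query, udp_addr, tcp_addr):
    """Option 3 from the report: retry over TCP on overflow, and also on TC."""
    data, overflowed = udp_query(query, udp_addr)
    tc = len(data) >= 4 and struct.unpack("!H", data[2:4])[0] & TC_BIT
    return tcp_query(query, tcp_addr) if (overflowed or tc) else data


def answer_count(resp):
    return None if resp is None else struct.unpack("!H", resp[6:8])[0]


def run(strategy, n_records=40, udp_max=None):
    """Stand up loopback UDP+TCP stand-ins, do one lookup with STRATEGY, return the answer count."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("127.0.0.1", 0))
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind(("127.0.0.1", 0))
    tcp.listen(1)
    t = threading.Thread(target=serve_once, args=(udp, tcp, n_records, udp_max))
    t.start()
    try:
        return answer_count(strategy(build_query(0x1234, QNAME), udp.getsockname(), tcp.getsockname()))
    finally:
        t.join()
        udp.close()
        tcp.close()


if __name__ == "__main__":
    print("original client, oversized datagram:", run(resolve_original))            # None
    print("TCP fallback, oversized datagram:   ", run(resolve_tcp_fallback))        # 40
    print("TCP fallback, server sets TC:       ", run(resolve_tcp_fallback, udp_max=UDP_BUF))  # 40
```

The first scenario is the report's denial of service: the answer exists, the server sent it, and the client discards it because it did not fit. Option 1 (a bigger buffer) only moves the threshold; the TCP fallback works for any size a server can produce, and also covers the standard case where a well-behaved server truncates and sets TC.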
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b938f9f9a917d3bacb73ef914c371dfc5f2d8ebe

commit b938f9f9a917d3bacb73ef914c371dfc5f2d8ebe
Author: Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2024-05-27 14:37:52 +0000
Commit: Viorel Munteanu <ceamac@gentoo.org>
CommitDate: 2024-05-27 15:08:30 +0000

    net-dns/djbdns: 1.05-r40

    Work around local receive overflow bug.

    Bug: https://bugs.gentoo.org/932846
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Closes: https://github.com/gentoo/gentoo/pull/36841
    Signed-off-by: Viorel Munteanu <ceamac@gentoo.org>

 net-dns/djbdns/djbdns-1.05-r40.ebuild              | 143 +++++++++++++++++++++
 ...dp-overflow-response-buffer-truncate-nov6.patch |  13 ++
 ...-udp-overflow-response-buffer-truncate-v6.patch |  34 +++++
 3 files changed, 190 insertions(+)
Question is, can we "emergency" stable? Is this considered a security issue by Gentoo? It's certainly a denial of service ... but is it a security issue in this specific case?
ppc64 done
sparc done
x86 done
amd64 done
ppc done, all arches done