3571e53040
patches for easier mirroring, to eliminate a special copy, to make www.freebsd.org/security a full copy of security.freebsd.org and be eventually be the same. For now files are just sitting there. The symlinks are missing. Discussed on: www (repository location) Discussed with: simon (so)
86 lines
2.7 KiB
Text
86 lines
2.7 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA1
|
|
|
|
=============================================================================
|
|
FreeBSD-SA-11:03.bind Security Advisory
|
|
The FreeBSD Project
|
|
|
|
Topic: Remote packet Denial of Service against named(8) servers
|
|
|
|
Category: contrib
|
|
Module: bind
|
|
Announced: 2011-09-28
|
|
Credits: Roy Arends
|
|
Affects: 8.2-STABLE after 2011-05-28 and prior to the correction date
|
|
Corrected: 2011-07-06 00:50:54 UTC (RELENG_8, 8.2-STABLE)
|
|
CVE Name: CVE-2011-2464
|
|
|
|
Note: This advisory concerns a vulnerability which existed only in
|
|
the FreeBSD 8-STABLE branch and was fixed over two months prior to the
|
|
date of this advisory.
|
|
|
|
For general information regarding FreeBSD Security Advisories,
|
|
including descriptions of the fields above, security branches, and the
|
|
following sections, please visit <URL:http://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
BIND 9 is an implementation of the Domain Name System (DNS) protocols.
|
|
The named(8) daemon is an Internet Domain Name Server.
|
|
|
|
II. Problem Description
|
|
|
|
A logic error in the BIND code causes the BIND daemon to accept bogus
|
|
data, which could cause the daemon to crash.
|
|
|
|
III. Impact
|
|
|
|
An attacker able to send traffic to the BIND daemon can cause it to
|
|
crash, resulting in a denial of service.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available, but systems not running the BIND name server
|
|
are not affected.
|
|
|
|
V. Solution
|
|
|
|
Upgrade your vulnerable system to 8-STABLE dated after the correction
|
|
date.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the revision numbers of each file that was
|
|
corrected in FreeBSD.
|
|
|
|
CVS:
|
|
|
|
Branch Revision
|
|
Path
|
|
- -------------------------------------------------------------------------
|
|
RELENG_8
|
|
src/contrib/bind9/lib/dns/message.c 1.3.2.3
|
|
- -------------------------------------------------------------------------
|
|
|
|
Subversion:
|
|
|
|
Branch/path
|
|
Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/8/ r223815
|
|
- -------------------------------------------------------------------------
|
|
|
|
VII. References
|
|
|
|
http://www.isc.org/software/bind/advisories/cve-2011-2464
|
|
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
|
|
|
|
The latest revision of this advisory is available at
|
|
http://security.FreeBSD.org/advisories/FreeBSD-SA-11:03.bind.asc
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: GnuPG v2.0.18 (FreeBSD)
|
|
|
|
iEYEARECAAYFAk6C4CYACgkQFdaIBMps37LwQgCeIDVGsCWOLoVdmWogOOaPC1UG
|
|
9G8AoJPlRbNmkEWMg7uoOYrvjWlRRdlK
|
|
=aUvD
|
|
-----END PGP SIGNATURE-----
|