139 lines
5.1 KiB
Text
139 lines
5.1 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-SA-15:17.bind Security Advisory
|
|
The FreeBSD Project
|
|
|
|
Topic: BIND remote denial of service vulnerability
|
|
|
|
Category: contrib
|
|
Module: bind
|
|
Announced: 2015-07-28
|
|
Credits: ISC
|
|
Affects: FreeBSD 8.x and FreeBSD 9.x.
|
|
Corrected: 2015-07-28 19:58:54 UTC (stable/9, 9.3-STABLE)
|
|
2015-07-28 19:59:22 UTC (releng/9.3, 9.3-RELEASE-p21)
|
|
2015-07-28 19:58:54 UTC (stable/8, 8.4-STABLE)
|
|
2015-07-28 19:59:22 UTC (releng/8.4, 8.4-RELEASE-p35)
|
|
CVE Name: CVE-2015-5477
|
|
|
|
For general information regarding FreeBSD Security Advisories,
|
|
including descriptions of the fields above, security branches, and the
|
|
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
BIND 9 is an implementation of the Domain Name System (DNS) protocols.
|
|
The named(8) daemon is an Internet Domain Name Server.
|
|
|
|
II. Problem Description
|
|
|
|
An error in the handling of TKEY queries can be exploited by an attacker
|
|
for use as a denial-of-service vector, as a constructed packet can use
|
|
the defect to trigger a REQUIRE assertion failure, causing BIND to exit.
|
|
|
|
III. Impact
|
|
|
|
A remote attacker can trigger a crash of a name server. Both recursive and
|
|
authoritative servers are affected, and the exposure can not be mitigated
|
|
by either ACLs or configuration options limiting or denying service because
|
|
the exploitable code occurs early in the packet handling, before checks
|
|
enforcing those boundaries.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available, but systems that are not running BIND are not
|
|
vulnerable.
|
|
|
|
V. Solution
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your vulnerable system to a supported FreeBSD stable or
|
|
release / security branch (releng) dated after the correction date.
|
|
|
|
The named service has to be restarted after the update. A reboot is
|
|
recommended but not required.
|
|
|
|
2) To update your vulnerable system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
The named service has to be restarted after the update. A reboot is
|
|
recommended but not required.
|
|
|
|
3) To update your vulnerable system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
# fetch https://security.FreeBSD.org/patches/SA-15:17/bind.patch
|
|
# fetch https://security.FreeBSD.org/patches/SA-15:17/bind.patch.asc
|
|
# gpg --verify bind.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile the operating system using buildworld and installworld as
|
|
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
|
|
|
Restart the applicable daemons, or reboot the system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/8/ r285977
|
|
releng/8.4/ r285980
|
|
stable/9/ r285977
|
|
releng/9.3/ r285980
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
<URL:https://kb.isc.org/article/AA-01272>
|
|
|
|
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:17.bind.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: GnuPG v2.1.6 (FreeBSD)
|
|
|
|
iQIcBAEBCgAGBQJVt+FdAAoJEO1n7NZdz2rnmAQQAK66bHEYirTecgswG+eiePfU
|
|
lcX46GdLU/OQ/3MHpmc6XQKz9kpJ+Inh8K8IvAJ1SXH41zk/xOtUgqbkUcgkGrS1
|
|
gBVKUC8SF82ll/1FUlORoJc+g+TQgax00Il/GweRVoL0RpU9S/YSnc6OLc0nWzBq
|
|
osweYaHBNRL6lBmUtAHYu1tyvGvHLlfTNk6NCtUxtWeXKe+urYFx4ViJKCU8dJ+U
|
|
F26nQb/3vH93WOEaNjSDHYWypl9qtous5hpOtXr76ofhID67EyOKmPPEC5+6jP/6
|
|
wkdMu7loVewI5K7ZF+zaNxr8CQESurCRkMX3qJSBNCfSw55sdcfKl4BO65SCxLH7
|
|
vXoh+B+Wbof2n3xAcEJNufOdiRQfTxlP1UMWIy00wvdB+VcOCDdD7TUB1kksxzpy
|
|
aXxePRdKLjvkPDiWy17BBpxq8JIfy+41a+N7Fm/hDgUJOYGDAMr27WJLx8MHzY3k
|
|
+B014IVvTnHkf0yo5ue5raTpgUr0TVCfwD3eqJOM9iUuOI8vj9h44FpP6R8KNyQA
|
|
mVI/wikVJfYAgmAkHqqRVEHeA8aWJsVNkmrKLHFDkLDdw6umr7oOHfXQo1hk7k7V
|
|
+2JEa09kp2AYNGYZkiFG/7jiCZ9GLCvAzKW1v1g8fRsBl+QA1PjW0Rg7HcRmZiwM
|
|
VfNsARSWl2y/t8Gnrfgx
|
|
=40iD
|
|
-----END PGP SIGNATURE-----
|