os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/advisories/FreeBSD-SA-09:04.bind.asc
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their 
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

452 lines
28 KiB
Text
Raw Blame History

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:04.bind Security Advisory
The FreeBSD Project
Topic: BIND DNSSEC incorrect checks for malformed signatures
Category: contrib
Module: bind
Announced: 2009-01-13
Credits: Google Security Team
Affects: All supported FreeBSD versions
Corrected: 2009-01-10 03:00:21 UTC (RELENG_7, 7.1-STABLE)
2009-01-13 21:19:27 UTC (RELENG_7_1, 7.1-RELEASE-p2)
2009-01-13 21:19:27 UTC (RELENG_7_0, 7.0-RELEASE-p9)
2009-01-10 04:30:27 UTC (RELENG_6, 6.4-STABLE)
2009-01-13 21:19:27 UTC (RELENG_6_4, 6.4-RELEASE-p3)
2009-01-13 21:19:27 UTC (RELENG_6_3, 6.3-RELEASE-p9)
CVE Name: CVE-2009-0025
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server. DNS Security
Extensions (DNSSEC) are additional protocol options that add
authentication as part of responses to DNS queries.
FreeBSD includes software from the OpenSSL Project. The OpenSSL
Project is a collaborative effort to develop a robust,
commercial-grade, full-featured Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography
library.
II. Problem Description
The DSA_do_verify() function from OpenSSL is used to determine if a
DSA digital signature is valid. When DNSSEC is used within BIND it
uses DSA_do_verify() to verify DSA signatures, but checks the function
return value incorrectly.
III. Impact
It is in theory possible to spoof a DNS reply even though DNSSEC
is set up to validate answers. This could be used by an attacker for
man-in-the-middle or other spoofing attacks.
IV. Workaround
Disable the the DSA algorithm in named.conf. This will cause answers
from zones signed only with DSA to be treated as insecure. Add the
following to the options section of named.conf:
disable-algorithms . { DSA; };
NOTE WELL: If named(8) is not explicitly set to use DNSSEC the setup is
not vulnerable to the issue as described in this Security Advisory.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch
dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 6.3, 6.4,
7.0, and 7.1 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-09:04/bind.patch
# fetch http://security.FreeBSD.org/patches/SA-09:04/bind.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/bind
# make obj && make depend && make && make install
# cd /usr/src/usr.sbin/named
# make obj && make depend && make && make install
# /etc/rc.d/named restart
c) Install and use a fixed version of BIND from the FreeBSD Ports
Collection.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_6
src/contrib/bind9/CHANGES 1.1.1.3.2.10
src/contrib/bind9/FAQ 1.1.1.2.2.5
src/contrib/bind9/FAQ.xml 1.1.1.1.2.5
src/contrib/bind9/README 1.1.1.2.2.6
src/contrib/bind9/aclocal.m4 1.1.4.1
src/contrib/bind9/bin/dig/dig.1 1.1.1.1.4.4
src/contrib/bind9/bin/dig/dig.c 1.1.1.2.2.4
src/contrib/bind9/bin/dig/dig.docbook 1.1.1.1.4.3
src/contrib/bind9/bin/dig/dig.html 1.1.1.1.4.4
src/contrib/bind9/bin/dig/dighost.c 1.1.1.2.2.5
src/contrib/bind9/bin/dig/host.1 1.1.1.1.4.4
src/contrib/bind9/bin/dig/host.docbook 1.1.1.1.4.3
src/contrib/bind9/bin/dig/host.html 1.1.1.1.4.4
src/contrib/bind9/bin/dnssec/dnssec-keygen.8 1.1.1.1.4.4
src/contrib/bind9/bin/dnssec/dnssec-keygen.docbook 1.1.1.1.4.3
src/contrib/bind9/bin/dnssec/dnssec-keygen.html 1.1.1.1.4.4
src/contrib/bind9/bin/dnssec/dnssec-signzone.8 1.1.1.1.4.4
src/contrib/bind9/bin/dnssec/dnssec-signzone.c 1.1.1.2.2.4
src/contrib/bind9/bin/dnssec/dnssec-signzone.docbook 1.1.1.1.4.3
src/contrib/bind9/bin/dnssec/dnssec-signzone.html 1.1.1.1.4.4
src/contrib/bind9/bin/named/client.c 1.1.1.2.2.7
src/contrib/bind9/bin/named/config.c 1.1.1.2.2.4
src/contrib/bind9/bin/named/controlconf.c 1.1.1.1.4.4
src/contrib/bind9/bin/named/include/named/globals.h 1.1.1.1.4.2
src/contrib/bind9/bin/named/interfacemgr.c 1.1.1.1.4.4
src/contrib/bind9/bin/named/lwresd.8 1.1.1.1.4.4
src/contrib/bind9/bin/named/lwresd.c 1.1.1.1.4.3
src/contrib/bind9/bin/named/lwresd.docbook 1.1.1.1.4.3
src/contrib/bind9/bin/named/lwresd.html 1.1.1.1.4.4
src/contrib/bind9/bin/named/main.c 1.1.1.2.2.3
src/contrib/bind9/bin/named/named.8 1.1.1.1.4.4
src/contrib/bind9/bin/named/named.conf.5 1.1.1.2.2.4
src/contrib/bind9/bin/named/named.conf.docbook 1.1.1.2.2.5
src/contrib/bind9/bin/named/named.conf.html 1.1.1.2.2.4
src/contrib/bind9/bin/named/named.docbook 1.1.1.1.4.4
src/contrib/bind9/bin/named/named.html 1.1.1.1.4.4
src/contrib/bind9/bin/named/query.c 1.1.1.1.4.6
src/contrib/bind9/bin/named/server.c 1.1.1.2.2.6
src/contrib/bind9/bin/named/unix/include/named/os.h 1.1.1.2.2.2
src/contrib/bind9/bin/named/unix/os.c 1.1.1.2.2.4
src/contrib/bind9/bin/named/update.c 1.1.1.2.2.4
src/contrib/bind9/bin/nsupdate/Makefile.in 1.1.1.1.4.2
src/contrib/bind9/bin/nsupdate/nsupdate.1 1.1.4.1
src/contrib/bind9/bin/nsupdate/nsupdate.8 1.1.1.1.4.4
src/contrib/bind9/bin/nsupdate/nsupdate.docbook 1.1.1.1.4.3
src/contrib/bind9/bin/nsupdate/nsupdate.html 1.1.1.1.4.4
src/contrib/bind9/bin/rndc/rndc-confgen.c 1.1.1.2.2.1
src/contrib/bind9/bin/rndc/rndc.c 1.1.1.3.2.3
src/contrib/bind9/config.h.in 1.1.4.1
src/contrib/bind9/configure.in 1.1.1.2.2.6
src/contrib/bind9/lib/bind/aclocal.m4 1.1.1.2.2.2
src/contrib/bind9/lib/bind/api 1.1.1.2.2.4
src/contrib/bind9/lib/bind/bsd/Makefile.in 1.1.1.1.4.1
src/contrib/bind9/lib/bind/bsd/strerror.c 1.1.1.1.4.1
src/contrib/bind9/lib/bind/bsd/strtoul.c 1.1.1.1.4.1
src/contrib/bind9/lib/bind/config.h.in 1.1.1.2.2.4
src/contrib/bind9/lib/bind/configure.in 1.1.1.2.2.5
src/contrib/bind9/lib/bind/dst/Makefile.in 1.1.1.1.4.1
src/contrib/bind9/lib/bind/dst/dst_api.c 1.1.1.2.2.4
src/contrib/bind9/lib/bind/dst/hmac_link.c 1.1.1.1.4.4
src/contrib/bind9/lib/bind/dst/support.c 1.1.1.1.4.2
src/contrib/bind9/lib/bind/include/arpa/nameser.h 1.1.1.1.4.1
src/contrib/bind9/lib/bind/include/isc/assertions.h 1.1.1.1.4.1
src/contrib/bind9/lib/bind/include/isc/misc.h 1.1.1.1.4.1
src/contrib/bind9/lib/bind/include/resolv.h 1.1.1.1.4.2
src/contrib/bind9/lib/bind/inet/Makefile.in 1.1.1.1.4.1
src/contrib/bind9/lib/bind/inet/inet_net_pton.c 1.1.1.1.4.1
src/contrib/bind9/lib/bind/irs/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/lib/bind/irs/dns_ho.c 1.1.1.1.4.4
src/contrib/bind9/lib/bind/irs/irp.c 1.1.1.1.4.2
src/contrib/bind9/lib/bind/isc/Makefile.in 1.1.1.1.4.1
src/contrib/bind9/lib/bind/isc/assertions.c 1.1.1.1.4.1
src/contrib/bind9/lib/bind/isc/bitncmp.c 1.1.1.1.4.1
src/contrib/bind9/lib/bind/isc/ctl_clnt.c 1.1.1.1.4.2
src/contrib/bind9/lib/bind/isc/ctl_srvr.c 1.1.1.1.4.2
src/contrib/bind9/lib/bind/nameser/Makefile.in 1.1.1.1.4.1
src/contrib/bind9/lib/bind/port_after.h.in 1.1.1.2.2.4
src/contrib/bind9/lib/bind/resolv/Makefile.in 1.1.1.1.4.2
src/contrib/bind9/lib/bind/resolv/res_debug.c 1.1.1.1.4.2
src/contrib/bind9/lib/bind/resolv/res_mkquery.c 1.1.1.1.4.1
src/contrib/bind9/lib/bind/resolv/res_query.c 1.1.1.1.4.1
src/contrib/bind9/lib/bind9/api 1.1.1.2.2.4
src/contrib/bind9/lib/bind9/check.c 1.1.1.2.2.4
src/contrib/bind9/lib/dns/adb.c 1.1.1.2.2.4
src/contrib/bind9/lib/dns/api 1.1.1.2.2.7
src/contrib/bind9/lib/dns/cache.c 1.1.1.1.4.3
src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.4.6
src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.4.5
src/contrib/bind9/lib/dns/journal.c 1.1.1.2.2.3
src/contrib/bind9/lib/dns/masterdump.c 1.1.1.1.4.2
src/contrib/bind9/lib/dns/message.c 1.1.1.1.4.5
src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.3
src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.3
src/contrib/bind9/lib/dns/rbt.c 1.1.1.2.2.3
src/contrib/bind9/lib/dns/rdata/generic/nsec_47.c 1.1.1.1.4.1
src/contrib/bind9/lib/dns/rdata/generic/nsec_47.h 1.1.1.1.4.1
src/contrib/bind9/lib/dns/rdata/generic/txt_16.c 1.1.1.1.4.2
src/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c 1.1.1.1.4.1
src/contrib/bind9/lib/dns/request.c 1.1.1.1.4.4
src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.10
src/contrib/bind9/lib/dns/validator.c 1.1.1.2.2.5
src/contrib/bind9/lib/dns/view.c 1.1.1.1.4.2
src/contrib/bind9/lib/dns/xfrin.c 1.1.1.2.2.5
src/contrib/bind9/lib/isc/Makefile.in 1.1.1.1.4.1
src/contrib/bind9/lib/isc/api 1.1.1.2.2.5
src/contrib/bind9/lib/isc/assertions.c 1.1.1.1.4.1
src/contrib/bind9/lib/isc/include/isc/assertions.h 1.1.1.1.4.1
src/contrib/bind9/lib/isc/include/isc/mem.h 1.1.1.2.2.2
src/contrib/bind9/lib/isc/include/isc/msgs.h 1.1.1.1.4.1
src/contrib/bind9/lib/isc/include/isc/platform.h.in 1.1.1.1.4.2
src/contrib/bind9/lib/isc/include/isc/portset.h 1.1.4.1
src/contrib/bind9/lib/isc/include/isc/resource.h 1.1.1.1.4.2
src/contrib/bind9/lib/isc/include/isc/socket.h 1.1.1.1.4.3
src/contrib/bind9/lib/isc/include/isc/timer.h 1.1.1.1.4.4
src/contrib/bind9/lib/isc/include/isc/types.h 1.1.1.1.4.1
src/contrib/bind9/lib/isc/mem.c 1.1.1.1.4.3
src/contrib/bind9/lib/isc/portset.c 1.1.4.1
src/contrib/bind9/lib/isc/print.c 1.1.1.1.4.2
src/contrib/bind9/lib/isc/pthreads/mutex.c 1.1.1.1.4.3
src/contrib/bind9/lib/isc/timer.c 1.1.1.1.4.5
src/contrib/bind9/lib/isc/unix/app.c 1.1.1.1.4.3
src/contrib/bind9/lib/isc/unix/include/isc/net.h 1.1.1.1.4.1
src/contrib/bind9/lib/isc/unix/net.c 1.1.1.1.4.3
src/contrib/bind9/lib/isc/unix/resource.c 1.1.1.1.4.3
src/contrib/bind9/lib/isc/unix/socket.c 1.1.1.2.2.5
src/contrib/bind9/lib/isc/unix/socket_p.h 1.1.1.1.4.2
src/contrib/bind9/lib/isc/unix/time.c 1.1.1.1.4.1
src/contrib/bind9/lib/isccfg/api 1.1.1.2.2.4
src/contrib/bind9/lib/isccfg/namedconf.c 1.1.1.2.2.5
src/contrib/bind9/version 1.1.1.3.2.10
RELENG_6_4
src/UPDATING 1.416.2.40.2.6
src/sys/conf/newvers.sh 1.69.2.18.2.9
src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.2.4.1
src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.2.2.1
RELENG_6_3
src/UPDATING 1.416.2.37.2.14
src/sys/conf/newvers.sh 1.69.2.15.2.13
src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.2.2.1
src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.1.2.1
RELENG_7
src/contrib/bind9/CHANGES 1.1.1.10.2.4
src/contrib/bind9/COPYRIGHT 1.1.1.4.2.3
src/contrib/bind9/FAQ 1.1.1.6.2.2
src/contrib/bind9/FAQ.xml 1.1.1.4.2.2
src/contrib/bind9/README 1.1.1.7.2.2
src/contrib/bind9/aclocal.m4 1.1.2.1
src/contrib/bind9/bin/check/check-tool.c 1.1.1.3.2.2
src/contrib/bind9/bin/check/named-checkconf.c 1.1.1.4.2.1
src/contrib/bind9/bin/check/named-checkzone.c 1.1.1.3.2.2
src/contrib/bind9/bin/dig/dig.1 1.1.1.4.2.2
src/contrib/bind9/bin/dig/dig.c 1.1.1.5.2.2
src/contrib/bind9/bin/dig/dig.docbook 1.1.1.3.2.2
src/contrib/bind9/bin/dig/dig.html 1.1.1.4.2.2
src/contrib/bind9/bin/dig/dighost.c 1.1.1.5.2.3
src/contrib/bind9/bin/dig/host.1 1.1.1.4.2.2
src/contrib/bind9/bin/dig/host.docbook 1.1.1.3.2.2
src/contrib/bind9/bin/dig/host.html 1.1.1.4.2.2
src/contrib/bind9/bin/dnssec/dnssec-keygen.8 1.1.1.4.2.2
src/contrib/bind9/bin/dnssec/dnssec-keygen.docbook 1.1.1.3.2.2
src/contrib/bind9/bin/dnssec/dnssec-keygen.html 1.1.1.4.2.2
src/contrib/bind9/bin/dnssec/dnssec-signzone.8 1.1.1.4.2.2
src/contrib/bind9/bin/dnssec/dnssec-signzone.c 1.1.1.5.2.2
src/contrib/bind9/bin/dnssec/dnssec-signzone.docbook 1.1.1.3.2.2
src/contrib/bind9/bin/dnssec/dnssec-signzone.html 1.1.1.4.2.2
src/contrib/bind9/bin/named/client.c 1.1.1.6.2.4
src/contrib/bind9/bin/named/config.c 1.1.1.4.2.3
src/contrib/bind9/bin/named/controlconf.c 1.1.1.3.2.2
src/contrib/bind9/bin/named/include/named/globals.h 1.1.1.3.2.1
src/contrib/bind9/bin/named/interfacemgr.c 1.1.1.3.2.2
src/contrib/bind9/bin/named/lwaddr.c 1.1.1.2.2.1
src/contrib/bind9/bin/named/lwdgnba.c 1.1.1.2.2.1
src/contrib/bind9/bin/named/lwdnoop.c 1.1.1.2.2.1
src/contrib/bind9/bin/named/lwresd.8 1.1.1.4.2.2
src/contrib/bind9/bin/named/lwresd.c 1.1.1.3.2.2
src/contrib/bind9/bin/named/lwresd.docbook 1.1.1.3.2.2
src/contrib/bind9/bin/named/lwresd.html 1.1.1.4.2.2
src/contrib/bind9/bin/named/main.c 1.1.1.5.2.1
src/contrib/bind9/bin/named/named.8 1.1.1.4.2.2
src/contrib/bind9/bin/named/named.conf.5 1.1.1.5.2.2
src/contrib/bind9/bin/named/named.conf.docbook 1.1.1.5.2.3
src/contrib/bind9/bin/named/named.conf.html 1.1.1.5.2.2
src/contrib/bind9/bin/named/named.docbook 1.1.1.4.2.2
src/contrib/bind9/bin/named/named.html 1.1.1.4.2.2
src/contrib/bind9/bin/named/query.c 1.1.1.6.2.2
src/contrib/bind9/bin/named/server.c 1.1.1.6.2.4
src/contrib/bind9/bin/named/unix/include/named/os.h 1.1.1.3.2.1
src/contrib/bind9/bin/named/unix/os.c 1.1.1.5.2.1
src/contrib/bind9/bin/named/update.c 1.1.1.5.2.2
src/contrib/bind9/bin/nsupdate/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/bin/nsupdate/nsupdate.1 1.1.2.1
src/contrib/bind9/bin/nsupdate/nsupdate.8 1.1.1.4.2.2
src/contrib/bind9/bin/nsupdate/nsupdate.c 1.1.1.5.2.2
src/contrib/bind9/bin/nsupdate/nsupdate.docbook 1.1.1.3.2.2
src/contrib/bind9/bin/nsupdate/nsupdate.html 1.1.1.4.2.2
src/contrib/bind9/bin/rndc/rndc-confgen.c 1.1.1.3.2.1
src/contrib/bind9/bin/rndc/rndc.8 1.1.1.4.2.2
src/contrib/bind9/bin/rndc/rndc.c 1.1.1.6.2.2
src/contrib/bind9/bin/rndc/rndc.docbook 1.1.1.3.2.2
src/contrib/bind9/bin/rndc/rndc.html 1.1.1.4.2.2
src/contrib/bind9/config.h.in 1.1.2.1
src/contrib/bind9/configure.in 1.1.1.6.2.3
src/contrib/bind9/lib/bind/aclocal.m4 1.1.1.2.10.2
src/contrib/bind9/lib/bind/api 1.1.1.5.2.2
src/contrib/bind9/lib/bind/bsd/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/lib/bind/bsd/strerror.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/bsd/strtoul.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/config.h.in 1.1.1.4.2.3
src/contrib/bind9/lib/bind/configure.in 1.1.1.5.2.3
src/contrib/bind9/lib/bind/dst/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/lib/bind/dst/dst_api.c 1.1.1.5.2.2
src/contrib/bind9/lib/bind/dst/hmac_link.c 1.1.1.4.2.2
src/contrib/bind9/lib/bind/dst/support.c 1.1.1.3.2.1
src/contrib/bind9/lib/bind/include/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/lib/bind/include/arpa/nameser.h 1.1.1.2.2.1
src/contrib/bind9/lib/bind/include/isc/assertions.h 1.1.1.2.2.1
src/contrib/bind9/lib/bind/include/isc/eventlib.h 1.1.1.3.2.1
src/contrib/bind9/lib/bind/include/isc/misc.h 1.1.1.2.2.1
src/contrib/bind9/lib/bind/include/isc/platform.h.in 1.2.2.1
src/contrib/bind9/lib/bind/include/netdb.h 1.1.1.4.2.1
src/contrib/bind9/lib/bind/include/resolv.h 1.1.1.3.2.1
src/contrib/bind9/lib/bind/inet/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/lib/bind/inet/inet_net_pton.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/inet/inet_network.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/irs/Makefile.in 1.1.1.3.2.1
src/contrib/bind9/lib/bind/irs/dns_ho.c 1.1.1.4.2.1
src/contrib/bind9/lib/bind/irs/getnetgrent.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/irs/getnetgrent_r.c 1.1.1.4.2.1
src/contrib/bind9/lib/bind/irs/irp.c 1.1.1.3.2.1
src/contrib/bind9/lib/bind/isc/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/lib/bind/isc/assertions.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/isc/bitncmp.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/isc/ctl_clnt.c 1.1.1.2.2.2
src/contrib/bind9/lib/bind/isc/ctl_srvr.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/isc/logging.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/nameser/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/lib/bind/port_after.h.in 1.1.1.4.2.1
src/contrib/bind9/lib/bind/port_before.h.in 1.1.1.4.2.2
src/contrib/bind9/lib/bind/resolv/Makefile.in 1.1.1.3.2.1
src/contrib/bind9/lib/bind/resolv/res_debug.c 1.1.1.3.2.1
src/contrib/bind9/lib/bind/resolv/res_mkquery.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/resolv/res_query.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/resolv/res_send.c 1.1.1.4.2.1
src/contrib/bind9/lib/bind9/api 1.1.1.5.2.2
src/contrib/bind9/lib/bind9/check.c 1.1.1.5.2.4
src/contrib/bind9/lib/dns/acache.c 1.1.1.1.2.1
src/contrib/bind9/lib/dns/adb.c 1.1.1.5.2.2
src/contrib/bind9/lib/dns/api 1.1.1.6.2.4
src/contrib/bind9/lib/dns/cache.c 1.1.1.4.2.1
src/contrib/bind9/lib/dns/dispatch.c 1.1.1.4.2.4
src/contrib/bind9/lib/dns/dst_parse.c 1.1.1.2.2.1
src/contrib/bind9/lib/dns/dst_parse.h 1.1.1.2.2.1
src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.3.2.4
src/contrib/bind9/lib/dns/journal.c 1.1.1.4.2.2
src/contrib/bind9/lib/dns/master.c 1.1.1.2.2.2
src/contrib/bind9/lib/dns/masterdump.c 1.1.1.3.2.1
src/contrib/bind9/lib/dns/message.c 1.1.1.4.2.2
src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.2
src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.2.1
src/contrib/bind9/lib/dns/rbt.c 1.1.1.4.2.1
src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.4.2.2
src/contrib/bind9/lib/dns/rdata/generic/nsec_47.c 1.1.1.2.2.1
src/contrib/bind9/lib/dns/rdata/generic/nsec_47.h 1.1.1.2.2.1
src/contrib/bind9/lib/dns/rdata/generic/txt_16.c 1.1.1.2.2.1
src/contrib/bind9/lib/dns/rdata/in_1/apl_42.c 1.1.1.2.2.1
src/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c 1.1.1.2.2.1
src/contrib/bind9/lib/dns/request.c 1.1.1.3.2.2
src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.4
src/contrib/bind9/lib/dns/rootns.c 1.1.1.2.2.2
src/contrib/bind9/lib/dns/sdb.c 1.1.1.2.2.2
src/contrib/bind9/lib/dns/tkey.c 1.1.1.4.2.1
src/contrib/bind9/lib/dns/tsig.c 1.1.1.4.2.2
src/contrib/bind9/lib/dns/validator.c 1.1.1.6.2.2
src/contrib/bind9/lib/dns/view.c 1.1.1.2.2.2
src/contrib/bind9/lib/dns/xfrin.c 1.1.1.5.2.3
src/contrib/bind9/lib/dns/zone.c 1.1.1.5.2.2
src/contrib/bind9/lib/isc/Makefile.in 1.1.1.2.2.2
src/contrib/bind9/lib/isc/api 1.1.1.5.2.3
src/contrib/bind9/lib/isc/assertions.c 1.1.1.2.2.1
src/contrib/bind9/lib/isc/include/isc/assertions.h 1.1.1.2.2.1
src/contrib/bind9/lib/isc/include/isc/lex.h 1.1.1.2.2.1
src/contrib/bind9/lib/isc/include/isc/mem.h 1.1.1.3.2.1
src/contrib/bind9/lib/isc/include/isc/msgs.h 1.1.1.2.2.1
src/contrib/bind9/lib/isc/include/isc/platform.h.in 1.1.1.2.2.2
src/contrib/bind9/lib/isc/include/isc/portset.h 1.1.2.1
src/contrib/bind9/lib/isc/include/isc/resource.h 1.1.1.2.2.2
src/contrib/bind9/lib/isc/include/isc/socket.h 1.1.1.2.2.2
src/contrib/bind9/lib/isc/include/isc/timer.h 1.1.1.3.2.2
src/contrib/bind9/lib/isc/include/isc/types.h 1.1.1.2.2.1
src/contrib/bind9/lib/isc/mem.c 1.1.1.3.2.2
src/contrib/bind9/lib/isc/portset.c 1.1.2.1
src/contrib/bind9/lib/isc/print.c 1.1.1.3.2.1
src/contrib/bind9/lib/isc/pthreads/mutex.c 1.1.1.3.2.1
src/contrib/bind9/lib/isc/timer.c 1.1.1.4.2.3
src/contrib/bind9/lib/isc/unix/app.c 1.1.1.2.2.2
src/contrib/bind9/lib/isc/unix/include/isc/net.h 1.1.1.2.2.1
src/contrib/bind9/lib/isc/unix/net.c 1.1.1.3.2.2
src/contrib/bind9/lib/isc/unix/resource.c 1.1.1.2.2.2
src/contrib/bind9/lib/isc/unix/socket.c 1.1.1.5.2.3
src/contrib/bind9/lib/isc/unix/socket_p.h 1.1.1.2.2.2
src/contrib/bind9/lib/isc/unix/time.c 1.1.1.2.2.1
src/contrib/bind9/lib/isccfg/api 1.1.1.4.2.3
src/contrib/bind9/lib/isccfg/namedconf.c 1.1.1.5.2.2
src/contrib/bind9/lib/lwres/api 1.1.1.5.2.2
src/contrib/bind9/make/rules.in 1.1.1.4.2.2
src/contrib/bind9/version 1.1.1.10.2.4
RELENG_7_1
src/UPDATING 1.507.2.13.2.5
src/sys/conf/newvers.sh 1.72.2.9.2.6
src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.6.1
src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.1.4.1
RELENG_7_0
src/UPDATING 1.507.2.3.2.13
src/sys/conf/newvers.sh 1.72.2.5.2.13
src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.4.1
src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.1.2.1
- -------------------------------------------------------------------------
Subversion:
Branch/path Revision
- -------------------------------------------------------------------------
stable/6/ r187002
releng/6.4/ r187194
releng/6.3/ r187194
stable/7/ r186997
releng/7.1/ r187194
releng/7.0/ r187194
- -------------------------------------------------------------------------
VII. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
http://security.FreeBSD.org/advisories/FreeBSD-SA-09:02.openssl.asc
https://www.isc.org/node/373
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-09:04.bind.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iD8DBQFJbRUmFdaIBMps37IRAonEAJsFQFtZGTz6tXFc5TSRMLhB1hxb6QCeI0Pd
ZFPKsX8/XspOTzRWA1h3QPk=
=dpqG
-----END PGP SIGNATURE-----
Reference in a new issue View git blame Copy permalink