137 lines
5 KiB
Text
137 lines
5 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-SA-15:11.bind Security Advisory
|
|
The FreeBSD Project
|
|
|
|
Topic: BIND resolver remote denial of service when validating
|
|
|
|
Category: contrib
|
|
Module: bind
|
|
Announced: 2015-07-07
|
|
Credits: ISC
|
|
Affects: FreeBSD 8.4 and FreeBSD 9.3.
|
|
Corrected: 2015-07-07 21:43:23 UTC (stable/9, 9.3-STABLE)
|
|
2015-07-07 21:44:01 UTC (releng/9.3, 9.3-RELEASE-p19)
|
|
2015-07-07 21:43:23 UTC (stable/8, 8.4-STABLE)
|
|
2015-07-07 21:44:01 UTC (releng/8.4, 8.4-RELEASE-p33)
|
|
CVE Name: CVE-2015-4620
|
|
|
|
For general information regarding FreeBSD Security Advisories,
|
|
including descriptions of the fields above, security branches, and the
|
|
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
BIND 9 is an implementation of the Domain Name System (DNS) protocol.
|
|
The named(8) daemon is an Internet Domain Name Server. The libdns
|
|
library is a library of DNS protocol support functions.
|
|
|
|
II. Problem Description
|
|
|
|
Due to a software defect, specially constructed zone data could cause
|
|
named(8) to crash with an assertion failure and rejecting the malformed
|
|
query when DNSSEC validation is enabled.
|
|
|
|
III. Impact
|
|
|
|
An attacker who can cause specific queries to be sent to a nameserver
|
|
could cause named(8) to crash, resulting in a denial of service.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available, but hosts not running named(8) are not
|
|
vulnerable.
|
|
|
|
V. Solution
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your vulnerable system to a supported FreeBSD stable or
|
|
release / security branch (releng) dated after the correction date.
|
|
|
|
2) To update your vulnerable system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
3) To update your vulnerable system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
[FreeBSD 9.3]
|
|
# fetch https://security.FreeBSD.org/patches/SA-15:11/bind-9.patch
|
|
# fetch https://security.FreeBSD.org/patches/SA-15:11/bind-9.patch.asc
|
|
# gpg --verify bind-9.patch.asc
|
|
|
|
[FreeBSD 8.4]
|
|
# fetch https://security.FreeBSD.org/patches/SA-15:11/bind-8.patch
|
|
# fetch https://security.FreeBSD.org/patches/SA-15:11/bind-8.patch.asc
|
|
# gpg --verify bind-8.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile the operating system using buildworld and installworld as
|
|
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
|
|
|
Restart the applicable daemons, or reboot the system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/8/ r285257
|
|
releng/8.4/ r285258
|
|
stable/9/ r285257
|
|
releng/9.3/ r285258
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
<URL:https://kb.isc.org/article/AA-01267/>
|
|
|
|
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4620>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:11.bind.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: GnuPG v2.1.5 (FreeBSD)
|
|
|
|
iQIcBAEBCgAGBQJVnEi/AAoJEO1n7NZdz2rnw4cP/jg5odJDqjzynxVweq+rCo7q
|
|
10Wwa5Is3BOFAMxE+qVvIyjPKwBTlYOud4Lwp9+6GXpEa6DQDTrqwGsgsEKsqrNN
|
|
WF8mfOhsSSHuhKNdcCT3+9/ERhdS6JwmvIgMhmEvBAWhf2HA6FRPQ1J6TP0ZoGKm
|
|
0x745/cqiYM4eCwH8kbC1tmMYBHqYapuI9aTZ8iuiddBR1lunE03GVlNn1A6e2U6
|
|
CUt6rHNslup4C7sGq6fBt/5qlJZ4yOGCXHDys9l0OSeYUfKohbDi2TILhoMhio2x
|
|
8OdFIdr5U7sOtLPirbfLAUTb1C/H/BsKZfIX3Ff7iZQruVQrU4hKR1hd+GjZQb2G
|
|
5foI9jP3AIRZ3xaHjH0Y95/4diJz+nauH5BTeD9OLGJC3Mg/NsVVtoflg3o+AWKn
|
|
692ovG1csdkT598K0VV7Kp36n4tR43SPFZ8bqo8TMdt40H9imaN7ghXOFhpG1Yw8
|
|
A6EU/yHJ5Jn9XyGM0E803pFodZEQk8wM8/LllA1txz85eDy+6HOQsxJeROcwJFeH
|
|
rtzJ6bweqV3keJPkP/AR+QLqFMEbySHp2al7uGAIHyd/3fGlvWhP10CTyxvG7ucY
|
|
Ak9PwH11UTw+RexOhOTWF+Bz9A5vVWG/wDPfGFLbhdmK00gX4y9xNOk2/QP6fTL3
|
|
8Sz9sMkdOx3Vrbq+PPmu
|
|
=SVcF
|
|
-----END PGP SIGNATURE-----
|