138 lines
4.9 KiB
Text
138 lines
4.9 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-SA-16:28.bind Security Advisory
|
|
The FreeBSD Project
|
|
|
|
Topic: BIND remote Denial of Service vulnerability
|
|
|
|
Category: contrib
|
|
Module: bind
|
|
Announced: 2016-10-10
|
|
Credits: ISC
|
|
Affects: FreeBSD 9.x
|
|
Corrected: 2016-09-28 06:11:01 UTC (stable/9, 9.3-STABLE)
|
|
2016-10-10 07:19:16 UTC (releng/9.3, 9.3-RELEASE-p48)
|
|
CVE Name: CVE-2016-2776
|
|
|
|
For general information regarding FreeBSD Security Advisories,
|
|
including descriptions of the fields above, security branches, and the
|
|
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
BIND 9 is an implementation of the Domain Name System (DNS) protocols.
|
|
The named(8) daemon is an Internet Domain Name Server.
|
|
|
|
II. Problem Description
|
|
|
|
Testing by ISC has uncovered a critical error condition which can occur when
|
|
a nameserver is constructing a response. A defect in the rendering of
|
|
messages into packets can cause named to exit with an assertion failure in
|
|
buffer.c while constructing a response to a query that meets certain
|
|
criteria.
|
|
|
|
This assertion can be triggered even if the apparent source address is not
|
|
allowed to make queries (i.e. doesn't match 'allow-query'). [CVE-2016-2776]
|
|
|
|
III. Impact
|
|
|
|
A remote attacker who can send queries to a server running BIND can cause
|
|
the server to crash, resulting in a Denial of Service condition.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available, but hosts not running named(8) are not
|
|
vulnerable.
|
|
|
|
V. Solution
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your vulnerable system to a supported FreeBSD stable or
|
|
release / security branch (releng) dated after the correction date.
|
|
|
|
The named service has to be restarted after the update. A reboot is
|
|
recommended but not required.
|
|
|
|
2) To update your vulnerable system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
The named service has to be restarted after the update. A reboot is
|
|
recommended but not required.
|
|
|
|
3) To update your vulnerable system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
[FreeBSD 9.3]
|
|
# fetch https://security.FreeBSD.org/patches/SA-16:28/bind.patch
|
|
# fetch https://security.FreeBSD.org/patches/SA-16:28/bind.patch.asc
|
|
# gpg --verify bind.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile the operating system using buildworld and installworld as
|
|
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
|
|
|
Restart the named service, or reboot the system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/9/ r306394
|
|
releng/9.3/ r306942
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
<URL:https://kb.isc.org/article/AA-01419>
|
|
|
|
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:28.bind.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: GnuPG v2.1.13 (FreeBSD)
|
|
|
|
iQIcBAEBCgAGBQJX+0OlAAoJEO1n7NZdz2rnt/cQAJJ/P9/cNH4mB3Oq9kks1TJI
|
|
thye1Bmd6BAS16UYj+S2POSkrwkTJLhg/Rtch/4O1TUJ7q86Dko/0nciF/4Qin/J
|
|
LrNhX2TUUTpQygfWdzTqdk9EiHLKT46sNh1Two4Lb9gMuBulES9Fy40gj8y81ypv
|
|
uys05i6DMAlY/EsmidTHFKUGGC9160XLS7wFWnlw9XglDHn2+pIDALHl77mmoXwR
|
|
VKiCbGO6IybDV5bATh12eflCSb+IJRT0MMOwJAt3Nhzp//7t2tf+izazzfs43IH4
|
|
HRkiDfkkxqAMus6h0Dm4xR91oe/oSzlEedKFM3ctHfQqyIi+AP0FKixf8pS72n7o
|
|
M0W5vIbkMSuTsiOTzyQUJpQ3tExvWeZjhNZj9U5trs2YNdPCRaM3pETUdF6GZmNC
|
|
tnPiTZFst3ARsy/4oJg8Eeo/cyrd/sfPm4fXCbXkakL7ml/Mu+/KEyq5qw43FIXn
|
|
96/btRfHsPSpy74KRtLsqSM29eCK9puGhJIk1iBtuhuTvze/48Od7U5zWOjn8XiS
|
|
o4oOyCtm3nQfB8VIzfypFAIUFFOqfHmsfP3s51J9tUXjxvORO3UWD3/R2wXLre2Y
|
|
Z5+s7IUhesunZztGtaUFCqG28KCrzmSiIVXGRd/IsQCuTJ4DNiUFZofKYdI0B7fE
|
|
hrSETFwDg/OYusZ5/96D
|
|
=v9vM
|
|
-----END PGP SIGNATURE-----
|