140 lines
5 KiB
Text
140 lines
5 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-SA-15:27.bind Security Advisory
|
|
The FreeBSD Project
|
|
|
|
Topic: BIND remote denial of service vulnerability
|
|
|
|
Category: contrib
|
|
Module: bind
|
|
Announced: 2015-12-16
|
|
Credits: ISC
|
|
Affects: FreeBSD 9.x
|
|
Corrected: 2015-12-16 06:10:05 UTC (stable/9, 9.3-STABLE)
|
|
2015-12-16 06:21:26 UTC (releng/9.3, 9.3-RELEASE-p32)
|
|
CVE Name: CVE-2015-8000
|
|
|
|
For general information regarding FreeBSD Security Advisories,
|
|
including descriptions of the fields above, security branches, and the
|
|
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
BIND 9 is an implementation of the Domain Name System (DNS) protocols.
|
|
The named(8) daemon is an Internet Domain Name Server. The libdns
|
|
library is a library of DNS protocol support functions.
|
|
|
|
II. Problem Description
|
|
|
|
An error in the parsing of incoming responses allows some records with an
|
|
incorrect class to be be accepted by BIND instead of being rejected as
|
|
malformed. This can trigger a REQUIRE assertion failure when those records
|
|
are subsequently cached.
|
|
|
|
III. Impact
|
|
|
|
An attacker who can cause a server to request a record with a malformed class
|
|
attribute can use this bug to trigger a REQUIRE assertion in db.c, causing
|
|
named to exit and denying service to clients.
|
|
|
|
The risk to recursive servers is high. Authoritative servers are at limited
|
|
risk if they perform authentication when making recursive queries to resolve
|
|
addresses for servers listed in NS RRSETs.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available, but hosts not running named(8) are not
|
|
vulnerable.
|
|
|
|
V. Solution
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your vulnerable system to a supported FreeBSD stable or
|
|
release / security branch (releng) dated after the correction date.
|
|
|
|
The named service has to be restarted after the update. A reboot is
|
|
recommended but not required.
|
|
|
|
2) To update your vulnerable system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
The named service has to be restarted after the update. A reboot is
|
|
recommended but not required.
|
|
|
|
3) To update your vulnerable system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
[FreeBSD 9.3]
|
|
# fetch https://security.FreeBSD.org/patches/SA-15:27/bind.patch
|
|
# fetch https://security.FreeBSD.org/patches/SA-15:27/bind.patch.asc
|
|
# gpg --verify bind.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile the operating system using buildworld and installworld as
|
|
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
|
|
|
Restart the applicable daemons, or reboot the system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/9/ r292320
|
|
releng/9.3/ r292321
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
<URL:https://kb.isc.org/article/AA-01317>
|
|
|
|
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:27.bind.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: GnuPG v2.1.8 (FreeBSD)
|
|
|
|
iQIcBAEBCgAGBQJWcQOeAAoJEO1n7NZdz2rnpUoQAIjWIowpcRnteiQ8xJFnebHN
|
|
iXj0vEWBGXofefDF1QzMZe0+mu688Brw1UGC89alhJVKfcmUP66okW5KP+4KDWUp
|
|
+jkIqjw0VLrWztc8V+YzGKkbFNprvYUKhzJJ/Y5TLjadqGRc5BBBDxwzY+9CnDfC
|
|
P+OzaTHwO2HIrqclt5nVyhgBTXSGZHai6Eyw2fBuhmEqbOWNr4cBu8IVhAtvw6SR
|
|
0lFSSITZ2z6YrDTq7l7fkeJwv+MnerpBXfe57P6r6tbDzzmsmZiNKABsk9wW2lkP
|
|
kuOTf14VNoMySCwQ60PUEtflERCTJ/QRZxZTbBRh4YZXJxPsERwj3dlfguMA/5Pq
|
|
sO9cxbhSKdoaiswKev67uVUkJXCePb8YIfcxui9Wj5YgcYaN5Au9F/tX2xMmWwfp
|
|
2+XwiRkLoNao+NYrx6hAJjWxAUTZJJJhWvu6L7mpBiImsqczd5AJq52bqD/C2M5C
|
|
v0acQ6ozNz2Fdkxy4YA1kuXm1STwFuCAfWSVYOpaLz42PeRrHzfqXFuAsoJCp8k1
|
|
2m2pFgLgQKGhje6XY9rtaFPLulGFDOem8tdYDHH94lgToinVIZ/+GcMbV4My7vr/
|
|
gWRnbzxr8J8/kdhUSp2+rlwnpdPEhgfcnxzwwr9F6duuwb5lLYCqNH/N4SOxRIAV
|
|
En2VQ4vrDSCP7rszpvI7
|
|
=89Kp
|
|
-----END PGP SIGNATURE-----
|