Hello Everyone,
ISC has released new versions of BIND 8 which address a remotely
exploitable denial-of-service vulnerability that may allow an attacker
to perform `negative cache poisoning'--- convincing a name server that
certain RRs do not exist (even though they may). I do not know of any
workaround at this time.
I have committed fixes to the RELENG_5_1 and RELENG_4_9 security
branches. Due to personal obligations this evening [*], I will
likely not update RELENG_4_8 and RELENG_4_7 until sometime tomorrow.
Likewise, the advisory will follow tomorrow. However, you can find
patches at the following URLs:
[FreeBSD -CURRENT, -STABLE, 4.9]
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch.asc
[FreeBSD 5.1, 4.8]
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch.asc
[FreeBSD 4.7, 4.6, 4.5, 4.4]
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch.asc
(If you don't find them at ftp.freebsd.org, try ftp2.freebsd.org.)
I expect Doug Barton will upgrade BIND 8 in -STABLE and -CURRENT
tonight or tomorrow.
Cheers,
--
Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal
nectar@celabo.org jvidrine@verio.net nectar@freebsd.org nectar@kth.se
[*] Happy Thanksgiving to those celebrating it, by the way!
----- Forwarded message from Jacques Vidrine <nectar@FreeBSD.org> -----
Date: Wed, 26 Nov 2003 16:54:53 -0800 (PST)
From: Jacques Vidrine <nectar@FreeBSD.org>
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src UPDATING src/sys/conf newvers.sh src/contrib/bind
Version src/contrib/bind/bin/named ns_resp.c
Message-Id: <200311270054.hAR0srnr052777@repoman.freebsd.org>
nectar 2003/11/26 16:54:53 PST
FreeBSD src repository
Modified files: (Branch: RELENG_5_1)
. UPDATING
sys/conf newvers.sh
contrib/bind Version
contrib/bind/bin/named ns_resp.c
Log:
Correct a remote denial-of-service attack in named(8).
Revision Changes Path
1.251.2.13 +3 -0 src/UPDATING
1.1.1.11.2.1 +1 -1 src/contrib/bind/Version
1.1.1.11.2.1 +9 -3 src/contrib/bind/bin/named/ns_resp.c
1.50.2.13 +1 -1 src/sys/conf/newvers.sh
----- End forwarded message -----
----- Forwarded message from Jacques Vidrine <nectar@FreeBSD.org> -----
Date: Wed, 26 Nov 2003 16:56:06 -0800 (PST)
From: Jacques Vidrine <nectar@FreeBSD.org>
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src UPDATING src/sys/conf newvers.sh src/contrib/bind
Version src/contrib/bind/bin/named ns_resp.c
Message-Id: <200311270056.hAR0u62k052941@repoman.freebsd.org>
nectar 2003/11/26 16:56:06 PST
FreeBSD src repository
Modified files: (Branch: RELENG_4_9)
. UPDATING
sys/conf newvers.sh
contrib/bind Version
contrib/bind/bin/named ns_resp.c
Log:
Correct a remote denial-of-service attack in named(8).
Revision Changes Path
1.73.2.89.2.2 +12 -0 src/UPDATING
1.1.1.3.2.9.2.1 +1 -1 src/contrib/bind/Version
1.1.1.2.2.10.2.1 +9 -3 src/contrib/bind/bin/named/ns_resp.c
1.44.2.32.2.2 +1 -1 src/sys/conf/newvers.sh
----- End forwarded message -----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :
http://lists.freebsd.org/pipermail/freebsd-security/attachments/20031126/ebc96c3f/attachment.bin
