FreeBSD Security Advisories
2011-Sep-28 09:06 UTC
FreeBSD Security Advisory FreeBSD-SA-11:03.bind
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================FreeBSD-SA-11:03.bind Security Advisory The FreeBSD Project Topic: Remote packet Denial of Service against named(8) servers Category: contrib Module: bind Announced: 2011-09-28 Credits: Roy Arends Affects: 8.2-STABLE after 2011-05-28 and prior to the correction date Corrected: 2011-07-06 00:50:54 UTC (RELENG_8, 8.2-STABLE) CVE Name: CVE-2011-2464 Note: This advisory concerns a vulnerability which existed only in the FreeBSD 8-STABLE branch and was fixed over two months prior to the date of this advisory. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. I. Background BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. II. Problem Description A logic error in the BIND code causes the BIND daemon to accept bogus data, which could cause the daemon to crash. III. Impact An attacker able to send traffic to the BIND daemon can cause it to crash, resulting in a denial of service. IV. Workaround No workaround is available, but systems not running the BIND name server are not affected. V. Solution Upgrade your vulnerable system to 8-STABLE dated after the correction date. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_8 src/contrib/bind9/lib/dns/message.c 1.3.2.3 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r223815 - ------------------------------------------------------------------------- VII. References http://www.isc.org/software/bind/advisories/cve-2011-2464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-11:03.bind.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk6C4CYACgkQFdaIBMps37LwQgCeIDVGsCWOLoVdmWogOOaPC1UG 9G8AoJPlRbNmkEWMg7uoOYrvjWlRRdlK =aUvD -----END PGP SIGNATURE-----
On Wed, Sep 28, 2011 at 4:05 PM, FreeBSD Security Advisories <security-advisories@freebsd.org> wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ============================================================================> FreeBSD-SA-11:03.bind ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Security Advisory > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?The FreeBSD Project > > Topic: ? ? ? ? ?Remote packet Denial of Service against named(8) servers > > Category: ? ? ? contrib > Module: ? ? ? ? bind > Announced: ? ? ?2011-09-28 > Credits: ? ? ? ?Roy Arends > Affects: ? ? ? ?8.2-STABLE after 2011-05-28 and prior to the correction date > Corrected: ? ? ?2011-07-06 00:50:54 UTC (RELENG_8, 8.2-STABLE) > CVE Name: ? ? ? CVE-2011-2464 > > Note: This advisory concerns a vulnerability which existed only in > the FreeBSD 8-STABLE branch and was fixed over two months prior to the > date of this advisory. > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:http://security.FreeBSD.org/>. > > I. ? Background > > BIND 9 is an implementation of the Domain Name System (DNS) protocols. > The named(8) daemon is an Internet Domain Name Server. > > II. ?Problem Description > > A logic error in the BIND code causes the BIND daemon to accept bogus > data, which could cause the daemon to crash. > > III. Impact > > An attacker able to send traffic to the BIND daemon can cause it to > crash, resulting in a denial of service. > > IV. ?Workaround > > No workaround is available, but systems not running the BIND name server > are not affected. > > V. ? Solution > > Upgrade your vulnerable system to 8-STABLE dated after the correction > date. > > VI. ?Correction details > > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > CVS: > > Branch ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Revision > ?Path > - ------------------------------------------------------------------------- > RELENG_8 > ?src/contrib/bind9/lib/dns/message.c ? ? ? ? ? ? ? ? ? ? ? ? ? ? 1.3.2.3 > - ------------------------------------------------------------------------- > > Subversion: > > Branch/path > Revision > - ------------------------------------------------------------------------- > stable/8/ ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? r223815 > - ------------------------------------------------------------------------- > > VII. References > > http://www.isc.org/software/bind/advisories/cve-2011-2464 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464 > > The latest revision of this advisory is available at > http://security.FreeBSD.org/advisories/FreeBSD-SA-11:03.bind.asc > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.18 (FreeBSD) > > iEYEARECAAYFAk6C4CYACgkQFdaIBMps37LwQgCeIDVGsCWOLoVdmWogOOaPC1UG > 9G8AoJPlRbNmkEWMg7uoOYrvjWlRRdlK > =aUvD > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >Only updating to 8.X for solution? there is no patch for this advisory? Thank You -- budsz
On Sat, Oct 1, 2011 at 1:35 AM, budsz <budiyt@gmail.com> wrote:> Only updating to 8.X for solution? there is no patch for this advisory?Patches are for RELEASE. For development branches, you update your source tree and build the system from that. All of this is explained in the handbook section 24.5.2.1: STABLE "is simply another engineering development track, not a resource for end-users." http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html