From owner-freebsd-security@FreeBSD.ORG Mon Jul 30 01:54:22 2007
Message-Id: <200707300138.l6U1cKQ4024921@app.auscert.org.au>
To: "Simon L. Nielsen"
In-Reply-To: Your message of "Fri, 27 Jul 2007 11:07:29 +0200." <20070727090729.GA1004@zaphod.nitro.dk>
Date: Mon, 30 Jul 2007 11:38:20 +1000
From: Joel Hatton
Cc: freebsd-security@FreeBSD.org, freebsd-stable@FreeBSD.org, Joel Hatton
Subject: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

Hi Simon,

Thanks very much for the patch :)

On Fri, 27 Jul 2007 11:07:29 +0200, "Simon L. Nielsen" wrote:
>
>Your patch is very close to the "correct"/cleaner patch which is
>attached. How exactly does it fail without your patch? Does it say
>"cannot open : No such file or directory" and then no jails start when
>booting (that would be my guess from a quick check of the bug)?

Sure does:

eval: cannot open : No such file or directory

and no jails start.

>
>Would it be possible for you to test the attached patch and see if it
>fixes the issue for you?

It does indeed. I was actually pretty foolish in the way that I addressed
it, now that I see what your patch does. I was so busy scratching my head
at the variables before the 'while' loop that I didn't see that the
problem was in the ${_fstab} being fed to it on stdin!

>
>I haven't heard of this issue before, so not many people are using 5.5
>with jails. The bug was certainly introduced as a merge error in the
>with the patch for FreeBSD-SA-07:01.jail.

Or maybe they're not patching often enough? Actually, my suspicion is that
not many are using the jail_example_mount_enable variable, because without
this set the responsible code is never called.

>
>As this is clearly a bug in a Security Advisory patch and RELENG_5 /
>RELENG_5_5 are still supported I expect that an updated advisory will
>be released to fix this bug shortly.
>
>Thanks for reporting the issue, and sorry about the bad patch :-(.

No problem! It feels good to help :) I never implement new patches into my
prod environment before testing, so this has basically been an interesting
exercise for me.

cheers,
joel

--
Joel Hatton --
Infrastructure Manager              | Hotline: +61 7 3365 4417
AusCERT - Australia's national CERT | Fax:     +61 7 3365 7031
The University of Queensland        | WWW:     www.auscert.org.au
Qld 4072 Australia                  | Email:   auscert@auscert.org.au

From owner-freebsd-security@FreeBSD.ORG Wed Aug 1 21:26:08 2007
Date: Wed, 1 Aug 2007 21:26:08 GMT
Message-Id: <200708012126.l71LQ8Il068184@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-07:01.jail [REVISED]
Reply-To: freebsd-security@freebsd.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-07:01.jail                                       Security Advisory
                                                          The FreeBSD Project

Topic:          Jail rc.d script privilege escalation

Category:       core
Module:         etc_rc.d
Announced:      2007-01-11
Credits:        Dirk Engling
Affects:        All FreeBSD releases since 5.3
Corrected:      2007-01-11 18:16:58 UTC (RELENG_6, 6.2-STABLE)
                2007-01-11 18:17:24 UTC (RELENG_6_2, 6.2-RELEASE)
                2007-01-11 18:18:08 UTC (RELENG_6_1, 6.1-RELEASE-p12)
                2007-01-11 18:18:35 UTC (RELENG_6_0, 6.0-RELEASE-p17)
                2007-08-01 20:47:13 UTC (RELENG_5, 5.5-STABLE)
                2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15)
CVE Name:       CVE-2007-0166

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

0.   Revision History

v1.0  2007-01-11  Initial release.
v1.1  2007-08-01  Corrected patch for FreeBSD 5.5.

I.   Background

The jail(2) system call allows a system administrator to lock a process
and all of its descendants inside an environment with a very limited
ability to affect the system outside that environment, even for processes
with superuser privileges. It is an extension of, but far more powerful
than, the traditional UNIX chroot(2) system call.

The host's jail rc.d(8) script can be used to start and stop jails
automatically on system boot/shutdown.

II.  Problem Description

In multiple situations the host's jail rc.d(8) script does not check if
a path inside the jail file system structure is a symbolic link before
using the path. In particular this is the case when writing the output
from the jail start-up to /var/log/console.log and when mounting and
unmounting file systems inside the jail directory structure.

III. Impact

Due to the lack of handling of potential symbolic links the host's jail
rc.d(8) script is vulnerable to "symlink attacks". By replacing
/var/log/console.log inside the jail with a symbolic link it is possible
for the superuser (root) inside the jail to overwrite files on the host
system outside the jail with arbitrary content.
This in turn can be used to execute arbitrary commands with non-jailed
superuser privileges.

Similarly, by changing directory mount points inside the jail file system
structure into symbolic links, it may be possible for a jailed attacker to
mount file systems which were meant to be mounted inside the jail at
arbitrary points in the host file system structure, or to unmount
arbitrary file systems on the host system.

NOTE WELL: The above vulnerabilities occur only when a jail is being
started or stopped using the host's jail rc.d(8) script; once started (and
until stopped), running jails cannot exploit this.

IV.  Workaround

If the sysctl(8) variable security.jail.chflags_allowed is set to 0 (the
default), setting the "sunlnk" system flag on /var, /var/log,
/var/log/console.log, and all file system mount points and their parent
directories inside the jail(s) will ensure that the console log file and
mount points are not replaced by symbolic links. If this is done while
jails are running, the administrator must check that an attacker has not
replaced any directories with symlinks after setting the "sunlnk" flag.

V.   Solution

NOTE WELL: The solution described changes the default location of the
"console.log" for jails from /var/log/console.log inside each jail to
/var/log/jail_${jail_name}_console.log on host system. If this is a
problem, it may be possible to create a hard link from the new position of
the console log file to a location inside the jail. A new rc.conf(5)
variable, jail_${jail_name}_consolelog, can be used to change the location
of console.log files on a per-jail basis.

In addition, the solution described below does not fully secure jail
configurations where two jails have overlapping directory trees and a file
system is mounted inside the overlap.
Overlapping directory trees can occur when jails share the same root
directory; when a jail has a root directory which is a subdirectory of
another jail's root directory; or when a part of the file system space of
one jail is mounted inside the file system space of another jail, e.g.,
using nullfs or unionfs.

To handle overlapping jails safely the administrator must set the
sysctl(8) variable security.jail.chflags_allowed to 0 (the default) and
manually set the "sunlnk" file/directory flag on all mount points and all
parent directories of mount points. If this is done while jails are
running, the administrator must check that an attacker has not replaced
any directories with symlinks after setting the "sunlnk" flag.

Perform one of the following:

1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
RELENG_6_1, RELENG_6_0, or RELENG_5_5 security branch dated after the
correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 5.5, 6.0,
and 6.1 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 5.5]
# fetch http://security.FreeBSD.org/patches/SA-07:01/jail5.patch
# fetch http://security.FreeBSD.org/patches/SA-07:01/jail5.patch.asc

[FreeBSD 6.0]
# fetch http://security.FreeBSD.org/patches/SA-07:01/jail60.patch
# fetch http://security.FreeBSD.org/patches/SA-07:01/jail60.patch.asc

[FreeBSD 6.1]
# fetch http://security.FreeBSD.org/patches/SA-07:01/jail61.patch
# fetch http://security.FreeBSD.org/patches/SA-07:01/jail61.patch.asc

NOTE: The patch distributed at the time of the original advisory was
incorrect for FreeBSD 5.5 (both RELENG_5 and RELENG_5_5).
Systems to which the original patch was applied should be patched with
the following corrective patch, which contains only the changes between
the original and updated patch:

# fetch http://security.FreeBSD.org/patches/SA-07:01/jail5-correction.patch
# fetch http://security.FreeBSD.org/patches/SA-07:01/jail5-correction.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# install -o root -g wheel -m 555 etc/rc.d/jail /etc/rc.d

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                              Revision
  Path
- -------------------------------------------------------------------------
RELENG_5
  src/etc/rc.d/jail                                 1.15.2.7
RELENG_5_5
  src/UPDATING                                      1.342.2.35.2.15
  src/sys/conf/newvers.sh                           1.62.2.21.2.17
  src/etc/rc.d/jail                                 1.15.2.5.2.2
RELENG_6
  src/etc/rc.d/jail                                 1.23.2.9
RELENG_6_2
  src/UPDATING                                      1.416.2.29.2.2
  src/etc/rc.d/jail                                 1.23.2.7.2.1
RELENG_6_1
  src/UPDATING                                      1.416.2.22.2.14
  src/sys/conf/newvers.sh                           1.69.2.11.2.14
  src/etc/rc.d/jail                                 1.23.2.3.2.3
RELENG_6_0
  src/UPDATING                                      1.416.2.3.2.22
  src/sys/conf/newvers.sh                           1.69.2.8.2.18
  src/etc/rc.d/jail                                 1.23.2.2.2.1
- -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0166

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-07:01.jail.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)

iD8DBQFGsPfrFdaIBMps37IRAgksAJ4yGy3zTBcr2N+TbDoTlN3aHUA8QQCgi/8B
It4pOMoA0QMzAp8HxUWo+xU=
=9tTT
-----END PGP SIGNATURE-----

From owner-freebsd-security@FreeBSD.ORG Wed Aug 1 21:27:00 2007
Date: Wed, 1 Aug 2007 21:27:00 GMT
Message-Id: <200708012127.l71LR0nY068294@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-07:06.tcpdump
Reply-To: freebsd-security@freebsd.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-07:06.tcpdump                                    Security Advisory
                                                          The FreeBSD Project

Topic:          Buffer overflow in tcpdump(1)

Category:       contrib
Module:         tcpdump
Announced:      2007-08-01
Credits:        "mu-b"
Affects:        All supported versions of FreeBSD
Corrected:      2007-08-01 20:42:48 UTC (RELENG_6, 6.2-STABLE)
                2007-08-01 20:44:58 UTC (RELENG_6_2, 6.2-RELEASE-p7)
                2007-08-01 20:45:49 UTC (RELENG_6_1, 6.1-RELEASE-p19)
                2007-08-01 20:47:13 UTC (RELENG_5, 5.5-STABLE)
                2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15)
CVE Name:       CVE-2007-3798

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

Tcpdump is a commonly used network diagnostic utility which decodes
packets received on the wire into human readable format.

II.  Problem Description

An un-checked return value in the BGP dissector code can result in an
integer overflow. This value is used in subsequent buffer management
operations, resulting in a stack based buffer overflow under certain
circumstances.

III. Impact

By crafting malicious BGP packets, an attacker could exploit this
vulnerability to execute code or crash the tcpdump process on the target
system. This code would be executed in the context of the user running
tcpdump(1). It should be noted that tcpdump(1) requires privileges in
order to open live network interfaces.

IV.  Workaround

No workaround is available.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the
correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 5.5, 6.1,
and 6.2 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-07:06/tcpdump.patch
# fetch http://security.FreeBSD.org/patches/SA-07:06/tcpdump.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/usr.sbin/tcpdump/tcpdump
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                              Revision
  Path
- -------------------------------------------------------------------------
RELENG_5
  src/contrib/tcpdump/print-bgp.c                   1.1.1.5.2.2
RELENG_5_5
  src/UPDATING                                      1.342.2.35.2.15
  src/sys/conf/newvers.sh                           1.62.2.21.2.17
  src/contrib/tcpdump/print-bgp.c                   1.1.1.5.2.1.2.1
RELENG_6
  src/contrib/tcpdump/print-bgp.c                   1.1.1.8.2.1
RELENG_6_2
  src/UPDATING                                      1.416.2.29.2.10
  src/sys/conf/newvers.sh                           1.69.2.13.2.10
  src/contrib/tcpdump/print-bgp.c                   1.1.1.8.8.1
RELENG_6_1
  src/UPDATING                                      1.416.2.22.2.21
  src/sys/conf/newvers.sh                           1.69.2.11.2.21
  src/contrib/tcpdump/print-bgp.c                   1.1.1.8.6.1
- -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)

iD8DBQFGsPfwFdaIBMps37IRAmK/AJ0adsy8zlOOXaJhJJdcX6A0Uy+bSQCfQYVi
4qk7MNSrKFZotejLEXKMCYI=
=JIZh
-----END PGP SIGNATURE-----

From owner-freebsd-security@FreeBSD.ORG Wed Aug 1 21:27:30 2007
Date: Wed, 1 Aug 2007 21:27:29 GMT
Message-Id: <200708012127.l71LRTkT068373@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-07:07.bind
Reply-To: freebsd-security@freebsd.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-07:07.bind                                       Security Advisory
                                                          The FreeBSD Project

Topic:          Predictable query ids in named(8)

Category:       contrib
Module:         bind
Announced:      2007-08-01
Credits:        Amit Klein
Affects:        FreeBSD 5.3 and later.
Corrected:      2007-07-25 08:23:08 UTC (RELENG_6, 6.2-STABLE)
                2007-08-01 20:44:58 UTC (RELENG_6_2, 6.2-RELEASE-p7)
                2007-08-01 20:45:49 UTC (RELENG_6_1, 6.1-RELEASE-p19)
                2007-07-25 08:24:40 UTC (RELENG_5, 5.5-STABLE)
                2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15)
CVE Name:       CVE-2007-2926

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server. DNS requests
contain a query id which is used to match a DNS request with the response
and to make it harder for anybody but the DNS server which received the
request to send a valid response.

II.  Problem Description

When named(8) is operating as a recursive DNS server or sending NOTIFY
requests to slave DNS servers, named(8) uses a predictable query id.

III. Impact

An attacker who can see the query id for some request(s) sent by named(8)
is likely to be able to perform DNS cache poisoning by predicting the
query id for other request(s).

IV.  Workaround

No workaround is available.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the
correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 5.5, 6.1,
and 6.2 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-07:07/bind.patch
# fetch http://security.FreeBSD.org/patches/SA-07:07/bind.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/bind
# make obj && make depend && make && make install
# cd /usr/src/usr.sbin/named
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                              Revision
  Path
- -------------------------------------------------------------------------
RELENG_5
  src/contrib/bind9/bin/named/client.c              1.1.1.1.2.5
  src/contrib/bind9/lib/dns/dispatch.c              1.1.1.1.2.3
  src/contrib/bind9/lib/dns/include/dns/dispatch.h  1.1.1.1.2.2
RELENG_5_5
  src/UPDATING                                      1.342.2.35.2.15
  src/sys/conf/newvers.sh                           1.62.2.21.2.17
  src/contrib/bind9/bin/named/client.c              1.1.1.1.2.3.2.1
  src/contrib/bind9/lib/dns/dispatch.c              1.1.1.1.2.1.6.1
  src/contrib/bind9/lib/dns/include/dns/dispatch.h  1.1.1.1.2.1.6.1
RELENG_6
  src/contrib/bind9/bin/named/client.c              1.1.1.2.2.3
  src/contrib/bind9/lib/dns/dispatch.c              1.1.1.1.4.2
  src/contrib/bind9/lib/dns/include/dns/dispatch.h  1.1.1.1.4.1
RELENG_6_2
  src/UPDATING                                      1.416.2.29.2.10
  src/sys/conf/newvers.sh                           1.69.2.13.2.10
  src/contrib/bind9/bin/named/client.c              1.1.1.2.2.1.4.2
  src/contrib/bind9/lib/dns/dispatch.c              1.1.1.1.10.2
  src/contrib/bind9/lib/dns/include/dns/dispatch.h  1.1.1.1.10.1
RELENG_6_1
  src/UPDATING                                      1.416.2.22.2.21
  src/sys/conf/newvers.sh                           1.69.2.11.2.21
  src/contrib/bind9/bin/named/client.c              1.1.1.2.2.1.2.1
  src/contrib/bind9/lib/dns/dispatch.c              1.1.1.1.8.1
  src/contrib/bind9/lib/dns/include/dns/dispatch.h  1.1.1.1.8.1
- -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
http://www.isc.org/sw/bind/bind-security.php
http://www.trusteer.com/docs/bind9dns_s.html

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-07:07.bind.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)

iD8DBQFGsPfzFdaIBMps37IRAgIfAJ9cO2LUUc0eb8T+6pltpha91wR2IgCeITpx
H3SHyAkPMSICqnT9nY/UBE8=
=Fop4
-----END PGP SIGNATURE-----

From owner-freebsd-security@FreeBSD.ORG Wed Aug 1 22:39:57 2007
Date: Wed, 1 Aug 2007 17:13:08 -0500 (CDT)
From: Chris Byrnes
To: freebsd-security@freebsd.org
In-Reply-To: <200708012127.l71LRTd1068382@freefall.freebsd.org>
Message-ID: <20070801171209.J70871@awww.jeah.net>
References: <200708012127.l71LRTd1068382@freefall.freebsd.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:07.bind

-I/usr/src/usr.sbin/named/../../lib/bind -U__DATE__ -o named os.o aclconf.o builtin.o client.o config.o control.o controlconf.o interfacemgr.o listenlist.o log.o logconf.o main.o notify.o query.o server.o sortlist.o tkeyconf.o tsigconf.o update.o xfrout.o zoneconf.o lwaddr.o lwresd.o lwdclient.o lwderror.o lwdgabn.o lwdgnba.o lwdgrbn.o lwdnoop.o lwsearch.o ../../lib/bind/bind9/libbind9.a ../../lib/bind/dns/libdns.a ../../lib/bind/isccc/libisccc.a ../../lib/bind/isccfg/libisccfg.a ../../lib/bind/isc/libisc.a ../../lib/bind/lwres/liblwres.a -lcrypto
../../lib/bind/dns/libdns.a(resolver.o)(.text+0x5f25): In function `validated':
: undefined reference to `dns_validator_send'
../../lib/bind/dns/libdns.a(resolver.o)(.text+0x6061): In function `validated':
: undefined reference to `dns_validator_send'
*** Error code 1

Stop in /usr/src/usr.sbin/named.

Anyone receiving the same? is a fix on the way? Please cc in replies.
Thank you so much!

Chris

On Wed, 1 Aug 2007, FreeBSD Security Advisories wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =============================================================================
> FreeBSD-SA-07:07.bind                                       Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          Predictable query ids in named(8)
>
> Category:       contrib
> Module:         bind
> Announced:      2007-08-01
> Credits:        Amit Klein
> Affects:        FreeBSD 5.3 and later.
> Corrected:      2007-07-25 08:23:08 UTC (RELENG_6, 6.2-STABLE)
>                 2007-08-01 20:44:58 UTC (RELENG_6_2, 6.2-RELEASE-p7)
>                 2007-08-01 20:45:49 UTC (RELENG_6_1, 6.1-RELEASE-p19)
>                 2007-07-25 08:24:40 UTC (RELENG_5, 5.5-STABLE)
>                 2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15)
> CVE Name:       CVE-2007-2926
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit .
>
> I.   Background
>
> BIND 9 is an implementation of the Domain Name System (DNS) protocols.
> The named(8) daemon is an Internet Domain Name Server. DNS requests
> contain a query id which is used to match a DNS request with the response
> and to make it harder for anybody but the DNS server which received the
> request to send a valid response.
>
> II.  Problem Description
>
> When named(8) is operating as a recursive DNS server or sending NOTIFY
> requests to slave DNS servers, named(8) uses a predictable query id.
>
> III. Impact
>
> An attacker who can see the query id for some request(s) sent by named(8)
> is likely to be able to perform DNS cache poisoning by predicting the
> query id for other request(s).
>
> IV.  Workaround
>
> No workaround is available.
>
> V.   Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
> RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the
> correction date.
>
> 2) To patch your present system:
>
> The following patches have been verified to apply to FreeBSD 5.5, 6.1,
> and 6.2 systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch http://security.FreeBSD.org/patches/SA-07:07/bind.patch
> # fetch http://security.FreeBSD.org/patches/SA-07:07/bind.patch.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
> # cd /usr/src/lib/bind
> # make obj && make depend && make && make install
> # cd /usr/src/usr.sbin/named
> # make obj && make depend && make && make install
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Branch                                              Revision
>   Path
> - -------------------------------------------------------------------------
> RELENG_5
>   src/contrib/bind9/bin/named/client.c              1.1.1.1.2.5
>   src/contrib/bind9/lib/dns/dispatch.c              1.1.1.1.2.3
>   src/contrib/bind9/lib/dns/include/dns/dispatch.h  1.1.1.1.2.2
> RELENG_5_5
>   src/UPDATING                                      1.342.2.35.2.15
>   src/sys/conf/newvers.sh                           1.62.2.21.2.17
>   src/contrib/bind9/bin/named/client.c              1.1.1.1.2.3.2.1
>   src/contrib/bind9/lib/dns/dispatch.c              1.1.1.1.2.1.6.1
>   src/contrib/bind9/lib/dns/include/dns/dispatch.h  1.1.1.1.2.1.6.1
> RELENG_6
>   src/contrib/bind9/bin/named/client.c              1.1.1.2.2.3
>   src/contrib/bind9/lib/dns/dispatch.c              1.1.1.1.4.2
>   src/contrib/bind9/lib/dns/include/dns/dispatch.h  1.1.1.1.4.1
> RELENG_6_2
>   src/UPDATING                                      1.416.2.29.2.10
>   src/sys/conf/newvers.sh                           1.69.2.13.2.10
>   src/contrib/bind9/bin/named/client.c              1.1.1.2.2.1.4.2
>   src/contrib/bind9/lib/dns/dispatch.c              1.1.1.1.10.2
>   src/contrib/bind9/lib/dns/include/dns/dispatch.h  1.1.1.1.10.1
> RELENG_6_1
>   src/UPDATING                                      1.416.2.22.2.21
>   src/sys/conf/newvers.sh                           1.69.2.11.2.21
>   src/contrib/bind9/bin/named/client.c              1.1.1.2.2.1.2.1
>   src/contrib/bind9/lib/dns/dispatch.c              1.1.1.1.8.1
>   src/contrib/bind9/lib/dns/include/dns/dispatch.h  1.1.1.1.8.1
> - -------------------------------------------------------------------------
>
> VII. References
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
> http://www.isc.org/sw/bind/bind-security.php
> http://www.trusteer.com/docs/bind9dns_s.html
>
> The latest revision of this advisory is available at
> http://security.FreeBSD.org/advisories/FreeBSD-SA-07:07.bind.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (FreeBSD)
>
> iD8DBQFGsPfzFdaIBMps37IRAgIfAJ9cO2LUUc0eb8T+6pltpha91wR2IgCeITpx
> H3SHyAkPMSICqnT9nY/UBE8=
> =Fop4
> -----END PGP SIGNATURE-----

From owner-freebsd-security@FreeBSD.ORG Thu Aug 2 00:13:37 2007
Message-ID: <46B121AE.50808@FreeBSD.org>
Date: Wed, 01 Aug 2007 17:13:34 -0700
From: Doug Barton
To: Chris Byrnes
References: <200708012127.l71LRTd1068382@freefall.freebsd.org> <20070801171209.J70871@awww.jeah.net>
In-Reply-To: <20070801171209.J70871@awww.jeah.net>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:07.bind

Chris Byrnes wrote:
> -I/usr/src/usr.sbin/named/../../lib/bind -U__DATE__ -o named os.o
> aclconf.o builtin.o client.o config.o control.o controlconf.o
> interfacemgr.o listenlist.o log.o logconf.o main.o notify.o query.o
> server.o sortlist.o tkeyconf.o tsigconf.o update.o xfrout.o zoneconf.o
> lwaddr.o lwresd.o lwdclient.o lwderror.o lwdgabn.o lwdgnba.o lwdgrbn.o
> lwdnoop.o lwsearch.o ../../lib/bind/bind9/libbind9.a
> ../../lib/bind/dns/libdns.a ../../lib/bind/isccc/libisccc.a
> ../../lib/bind/isccfg/libisccfg.a ../../lib/bind/isc/libisc.a
> ../../lib/bind/lwres/liblwres.a -lcrypto
> ../../lib/bind/dns/libdns.a(resolver.o)(.text+0x5f25): In function
> `validated':
> : undefined reference to `dns_validator_send'
> ../../lib/bind/dns/libdns.a(resolver.o)(.text+0x6061): In function
> `validated':
> : undefined reference to `dns_validator_send'
> *** Error code 1
>
> Stop in /usr/src/usr.sbin/named.
>
>
> Anyone receiving the same? is a fix on the way? Please cc in replies.
> Thank you so much!

Could you please let us know what branch, platform, etc. that we're
talking about here?

Doug -- This .signature sanitized for your protection From owner-freebsd-security@FreeBSD.ORG Thu Aug 2 02:29:13 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 10B5716A41F for ; Thu, 2 Aug 2007 02:29:13 +0000 (UTC) (envelope-from scheidell@secnap.net) Received: from fl.us.spammertrap.net (fl.us.spammertrap.net [204.89.241.173]) by mx1.freebsd.org (Postfix) with ESMTP id D0B4B13C45A for ; Thu, 2 Aug 2007 02:29:12 +0000 (UTC) (envelope-from scheidell@secnap.net) Received: from localhost (localhost [127.0.0.1]) by fl.us.spammertrap.net (Postfix) with ESMTP id 8EA63170FF for ; Wed, 1 Aug 2007 22:12:21 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=secnap.net; h=mime-version:content-type:content-transfer-encoding:subject: date:message-id:from:to; q=dns/txt; s=s1024; bh=25wC7JWWFVAS/qCd pES+AFsio10=; b=kD9navRfE7UdqU+NycRMmpPcaUjB1PemZaOmIxfiexq69fC0 Vev8fUu1XvTt5p5wbE07YDA4MjC45tvmY4B7ODmAbpbw7UwTE2QdEi4wdGffK6Tb vPR6oKZSKxVaM2q9ZtdgnxJogQksIcJWX3HRcff6J63OSYdn1LBEOvwRQLc= X-Quarantine-ID: X-Virus-Scanned: SpammerTrap(tm) SME-150 1.71 at spammertrap.net X-Amavis-Modified: Mail body modified (using disclaimer) by fl.us.spammertrap.net Received: from secnap2.secnap.com (secnap2.secnap.com [204.89.241.128]) by fl.us.spammertrap.net (Postfix) with ESMTP id 639F6170FA for ; Wed, 1 Aug 2007 22:12:14 -0400 (EDT) X-MimeOLE: Produced By Microsoft Exchange V6.0.6619.12 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Wed, 1 Aug 2007 22:11:24 -0400 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: FreeBSD Security Advisory FreeBSD-SA-07:07.bind Thread-Index: AcfUklnzlkg12aTZTiGMYf6PfH11rgAF+TdA From: "Michael Scheidell" To: "Chris Byrnes" , Cc: Subject: RE: FreeBSD Security Advisory FreeBSD-SA-07:07.bind X-BeenThere: 
freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 02:29:13 -0000 > -----Original Message----- > From: owner-freebsd-security@freebsd.org > [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Chris Byrnes > Sent: Wednesday, August 01, 2007 6:13 PM > To: freebsd-security@freebsd.org > Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:07.bind > > Stop in /usr/src/usr.sbin/named. > > > Anyone receiving the same? is a fix on the way? Please cc in > replies. > Thank you so much! Works here: FreeBSD mirror.secnap.com 5.5-RELEASE-p14 FreeBSD 5.5-RELEASE-p14 *default release=cvs tag=RELENG_5_5 I386 and sparc64 _________________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _________________________________________________________________________ From owner-freebsd-security@FreeBSD.ORG Thu Aug 2 05:03:43 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B983316A417 for ; Thu, 2 Aug 2007 05:03:43 +0000 (UTC) (envelope-from quake2k@mail.ru) Received: from mx4.mail.ru (fallback.mail.ru [194.67.57.14]) by mx1.freebsd.org (Postfix) with ESMTP id 6FEB613C46B for ; Thu, 2 Aug 2007 05:03:43 +0000 (UTC) (envelope-from quake2k@mail.ru) Received: from mx34.mail.ru (mx34.mail.ru [194.67.23.200]) by mx4.mail.ru (mPOP.Fallback_MX) with ESMTP id C2C413FC91F for ; Thu, 2 Aug 2007 04:20:42 +0400 (MSD) Received: from [87.237.119.101] (port=33147 helo=A3000) by mx34.mail.ru with asmtp id 1IGOQi-0004a6-00 for freebsd-security@freebsd.org; Thu, 02 Aug 2007 04:20:40 +0400 Message-ID: <001001c7d49a$e7f58d70$26c39605@A3000>
From: "John Freeman" To: References: <200708012127.l71LRTd1068382@freefall.freebsd.org><20070801171209.J70871@awww.jeah.net> <46B121AE.50808@FreeBSD.org> Date: Thu, 2 Aug 2007 04:20:16 +0400 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138 Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:07.bind X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 05:03:43 -0000 > Chris Byrnes wrote: >> -I/usr/src/usr.sbin/named/../../lib/bind -U__DATE__ -o named os.o >> aclconf.o builtin.o client.o config.o control.o controlconf.o >> interfacemgr.o listenlist.o log.o logconf.o main.o notify.o query.o >> server.o sortlist.o tkeyconf.o tsigconf.o update.o xfrout.o zoneconf.o >> lwaddr.o lwresd.o lwdclient.o lwderror.o lwdgabn.o lwdgnba.o lwdgrbn.o >> lwdnoop.o lwsearch.o ../../lib/bind/bind9/libbind9.a >> ../../lib/bind/dns/libdns.a ../../lib/bind/isccc/libisccc.a >> ../../lib/bind/isccfg/libisccfg.a ../../lib/bind/isc/libisc.a >> ../../lib/bind/lwres/liblwres.a -lcrypto >> ../../lib/bind/dns/libdns.a(resolver.o)(.text+0x5f25): In function >> `validated': >> : undefined reference to `dns_validator_send' >> ../../lib/bind/dns/libdns.a(resolver.o)(.text+0x6061): In function >> `validated': >> : undefined reference to `dns_validator_send' >> *** Error code 1 >> >> Stop in /usr/src/usr.sbin/named. >> >> >> Anyone receiving the same? is a fix on the way? Please cc in replies. >> Thank you so much! > > Could you please let us know what branch, platform, etc. that we're > talking about here? > > Doug > > -- Same problem on AMD64 build. 
I'm too lazy to attach full text, this system doesn't use bind and jail. - From owner-freebsd-security@FreeBSD.ORG Thu Aug 2 10:09:05 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6F01916A417 for ; Thu, 2 Aug 2007 10:09:05 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx22.fluidhosting.com [204.14.89.5]) by mx1.freebsd.org (Postfix) with SMTP id 0A1AD13C474 for ; Thu, 2 Aug 2007 10:09:04 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: (qmail 1766 invoked by uid 399); 2 Aug 2007 10:09:04 -0000 Received: from localhost (HELO lap.dougb.net) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTP; 2 Aug 2007 10:09:04 -0000 X-Originating-IP: 127.0.0.1 Message-ID: <46B1AD3F.2010309@FreeBSD.org> Date: Thu, 02 Aug 2007 03:09:03 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Thunderbird 2.0.0.5 (X11/20070723) MIME-Version: 1.0 To: John Freeman References: <200708012127.l71LRTd1068382@freefall.freebsd.org><20070801171209.J70871@awww.jeah.net> <46B121AE.50808@FreeBSD.org> <001001c7d49a$e7f58d70$26c39605@A3000> In-Reply-To: <001001c7d49a$e7f58d70$26c39605@A3000> X-Enigmail-Version: 0.95.1 OpenPGP: id=D5B2F0FB Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:07.bind X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 10:09:05 -0000 John Freeman wrote: > Same problem on AMD64 build. I'm too lazy to attach full text, this > system doesn't use bind and jail. What branch are you tracking? 
Doug -- This .signature sanitized for your protection From owner-freebsd-security@FreeBSD.ORG Thu Aug 2 10:12:25 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B413C16A418 for ; Thu, 2 Aug 2007 10:12:25 +0000 (UTC) (envelope-from quake2k@mail.ru) Received: from mx3.mail.ru (mx3.mail.ru [194.67.23.149]) by mx1.freebsd.org (Postfix) with ESMTP id 6E35213C45E for ; Thu, 2 Aug 2007 10:12:25 +0000 (UTC) (envelope-from quake2k@mail.ru) Received: from [87.237.119.101] (port=17977 helo=A3000) by mx3.mail.ru with asmtp id 1IGXfL-000MhX-00 for freebsd-security@freebsd.org; Thu, 02 Aug 2007 14:12:23 +0400 Message-ID: <001e01c7d4ed$9300a860$26c39605@A3000> From: "John Freeman" To: Date: Thu, 2 Aug 2007 14:12:03 +0400 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="ISO-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138 Subject: Fw: FreeBSD Security Advisory FreeBSD-SA-07:07.bind X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 10:12:25 -0000 > John Freeman wrote: > >> Same problem on AMD64 build. I'm too lazy to attach full text, this >> system doesn't use bind and jail. > > What branch are you tracking? 
> > Doug > 6.2 STABLE (RELENG_6 latest cvs) amd64 - From owner-freebsd-security@FreeBSD.ORG Thu Aug 2 10:16:02 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D55E816A418 for ; Thu, 2 Aug 2007 10:16:02 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx22.fluidhosting.com [204.14.89.5]) by mx1.freebsd.org (Postfix) with SMTP id 6F15E13C4B3 for ; Thu, 2 Aug 2007 10:16:02 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: (qmail 9093 invoked by uid 399); 2 Aug 2007 10:16:01 -0000 Received: from localhost (HELO lap.dougb.net) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTP; 2 Aug 2007 10:16:01 -0000 X-Originating-IP: 127.0.0.1 Message-ID: <46B1AEE0.9070005@FreeBSD.org> Date: Thu, 02 Aug 2007 03:16:00 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Thunderbird 2.0.0.5 (X11/20070723) MIME-Version: 1.0 To: Michael Scheidell References: In-Reply-To: X-Enigmail-Version: 0.95.1 OpenPGP: id=D5B2F0FB Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org, Chris Byrnes Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:07.bind X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 10:16:02 -0000 Michael Scheidell wrote: > Works here: > FreeBSD mirror.secnap.com 5.5-RELEASE-p14 FreeBSD 5.5-RELEASE-p14 > > *default release=cvs tag=RELENG_5_5 > > I386 and sparc64 Thanks for the update, this is good to know. 
Doug -- This .signature sanitized for your protection From owner-freebsd-security@FreeBSD.ORG Thu Aug 2 10:21:30 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 449ED16A417 for ; Thu, 2 Aug 2007 10:21:30 +0000 (UTC) (envelope-from quake2k@mail.ru) Received: from mx5.mail.ru (mx5.mail.ru [194.67.23.25]) by mx1.freebsd.org (Postfix) with ESMTP id F314B13C46E for ; Thu, 2 Aug 2007 10:21:29 +0000 (UTC) (envelope-from quake2k@mail.ru) Received: from [87.237.119.101] (port=29722 helo=A3000) by mx5.mail.ru with asmtp id 1IGXo7-0006dj-00 for freebsd-security@freebsd.org; Thu, 02 Aug 2007 14:21:27 +0400 Message-ID: <001a01c7d4ee$d73f3fe0$26c39605@A3000> From: "John Freeman" To: Date: Thu, 2 Aug 2007 14:21:07 +0400 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="ISO-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138 Subject: Fw: FreeBSD Security Advisory FreeBSD-SA-07:07.bind X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 10:21:30 -0000 > John Freeman wrote: > >> Same problem on AMD64 build. I'm too lazy to attach full text, this >> system doesn't use bind and jail. > > What branch are you tracking? > > Doug > After today's cvsup all ok , it solved? Wasn't compile only after patch included in SA. 
- From owner-freebsd-security@FreeBSD.ORG Thu Aug 2 10:31:41 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 29CB116A421 for ; Thu, 2 Aug 2007 10:31:41 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx22.fluidhosting.com [204.14.89.5]) by mx1.freebsd.org (Postfix) with SMTP id BCCBF13C478 for ; Thu, 2 Aug 2007 10:31:40 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: (qmail 24655 invoked by uid 399); 2 Aug 2007 10:31:40 -0000 Received: from localhost (HELO lap.dougb.net) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTP; 2 Aug 2007 10:31:40 -0000 X-Originating-IP: 127.0.0.1 Message-ID: <46B1B28A.3030804@FreeBSD.org> Date: Thu, 02 Aug 2007 03:31:38 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Thunderbird 2.0.0.5 (X11/20070723) MIME-Version: 1.0 To: John Freeman References: <001a01c7d4ee$d73f3fe0$26c39605@A3000> In-Reply-To: <001a01c7d4ee$d73f3fe0$26c39605@A3000> X-Enigmail-Version: 0.95.1 OpenPGP: id=D5B2F0FB Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org Subject: Re: Fw: FreeBSD Security Advisory FreeBSD-SA-07:07.bind X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 10:31:41 -0000 John Freeman wrote: > >> John Freeman wrote: >> >>> Same problem on AMD64 build. I'm too lazy to attach full text, this >>> system doesn't use bind and jail. >> >> What branch are you tracking? >> >> Doug >> > > After today's cvsup all ok , it solved? Wasn't compile only after patch > included in SA. Ok, that points to a difference between the patch that's on line and what went into CVS. 
That's purely a secteam issue I'm afraid. Doug -- This .signature sanitized for your protection From owner-freebsd-security@FreeBSD.ORG Thu Aug 2 11:11:48 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CACD516A419 for ; Thu, 2 Aug 2007 11:11:48 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.freebsd.org (Postfix) with ESMTP id 7046D13C428 for ; Thu, 2 Aug 2007 11:11:48 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id 308C51E8C06; Thu, 2 Aug 2007 10:53:41 +0000 (UTC) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id B1A381141D; Thu, 2 Aug 2007 12:53:39 +0200 (CEST) Date: Thu, 2 Aug 2007 12:53:39 +0200 From: "Simon L. Nielsen" To: John Freeman Message-ID: <20070802105338.GA1088@zaphod.nitro.dk> References: <001a01c7d4ee$d73f3fe0$26c39605@A3000> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <001a01c7d4ee$d73f3fe0$26c39605@A3000> User-Agent: Mutt/1.5.16 (2007-06-09) Cc: freebsd-security@freebsd.org Subject: Re: Fw: FreeBSD Security Advisory FreeBSD-SA-07:07.bind X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 11:11:48 -0000 On 2007.08.02 14:21:07 +0400, John Freeman wrote: > >> John Freeman wrote: >> >>> Same problem on AMD64 build. I'm too lazy to attach full text, this >>> system doesn't use bind and jail. >> >> What branch are you tracking? > > After today's cvsup all ok , it solved? Wasn't compile only after patch > included in SA. 
RELENG_6 was already fixed 2007-07-25 08:23:08 UTC by dougb, so the patch wasn't tested against RELENG_6 at all but only against the release / security branches. Most of the time the released patches will work against the stable branches, but not always. -- Simon L. Nielsen FreeBSD Security Team From owner-freebsd-security@FreeBSD.ORG Thu Aug 2 16:33:29 2007 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D6D7E16A417 for ; Thu, 2 Aug 2007 16:33:29 +0000 (UTC) (envelope-from chris@JEAH.net) Received: from awww.jeah.net (awww.jeah.net [208.98.20.9]) by mx1.freebsd.org (Postfix) with ESMTP id ACA9D13C46A for ; Thu, 2 Aug 2007 16:33:29 +0000 (UTC) (envelope-from chris@JEAH.net) Received: from awww.jeah.net (localhost.jeah.net [127.0.0.1]) by awww.jeah.net (8.13.8/8.14.1) with ESMTP id l72GXRNq070906; Thu, 2 Aug 2007 11:33:27 -0500 (CDT) (envelope-from chris@JEAH.net) Received: from localhost (chris@localhost) by awww.jeah.net (8.13.8/8.12.2/Submit) with ESMTP id l72GXRpL070903; Thu, 2 Aug 2007 11:33:27 -0500 (CDT) X-Authentication-Warning: awww.jeah.net: chris owned process doing -bs Date: Thu, 2 Aug 2007 11:33:27 -0500 (CDT) From: Chris Byrnes To: Doug Barton In-Reply-To: <46B121AE.50808@FreeBSD.org> Message-ID: <20070802113257.P70883@awww.jeah.net> References: <200708012127.l71LRTd1068382@freefall.freebsd.org> <20070801171209.J70871@awww.jeah.net> <46B121AE.50808@FreeBSD.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.2.1 X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on awww.jeah.net X-Mailman-Approved-At: Thu, 02 Aug 2007 16:54:18 +0000 Cc: freebsd-security@FreeBSD.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:07.bind X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: 
list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 16:33:29 -0000 On Wed, 1 Aug 2007, Doug Barton wrote: > Chris Byrnes wrote: >> -I/usr/src/usr.sbin/named/../../lib/bind -U__DATE__ -o named os.o >> aclconf.o builtin.o client.o config.o control.o controlconf.o >> interfacemgr.o listenlist.o log.o logconf.o main.o notify.o query.o >> server.o sortlist.o tkeyconf.o tsigconf.o update.o xfrout.o zoneconf.o >> lwaddr.o lwresd.o lwdclient.o lwderror.o lwdgabn.o lwdgnba.o lwdgrbn.o >> lwdnoop.o lwsearch.o ../../lib/bind/bind9/libbind9.a >> ../../lib/bind/dns/libdns.a ../../lib/bind/isccc/libisccc.a >> ../../lib/bind/isccfg/libisccfg.a ../../lib/bind/isc/libisc.a >> ../../lib/bind/lwres/liblwres.a -lcrypto >> ../../lib/bind/dns/libdns.a(resolver.o)(.text+0x5f25): In function >> `validated': >> : undefined reference to `dns_validator_send' >> ../../lib/bind/dns/libdns.a(resolver.o)(.text+0x6061): In function >> `validated': >> : undefined reference to `dns_validator_send' >> *** Error code 1 >> >> Stop in /usr/src/usr.sbin/named. >> >> >> Anyone receiving the same? is a fix on the way? Please cc in replies. >> Thank you so much! > > Could you please let us know what branch, platform, etc. that we're > talking about here? > > Doug Doug, Thank you for your help. 
i386, 6.2-stable From owner-freebsd-security@FreeBSD.ORG Thu Aug 2 19:29:48 2007 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3730516A418; Thu, 2 Aug 2007 19:29:48 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.freebsd.org (Postfix) with ESMTP id DA0F913C457; Thu, 2 Aug 2007 19:29:47 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id D9FF51E8C0A; Thu, 2 Aug 2007 19:29:46 +0000 (UTC) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id A60171141D; Thu, 2 Aug 2007 21:29:46 +0200 (CEST) Date: Thu, 2 Aug 2007 21:29:46 +0200 From: "Simon L. Nielsen" To: Chris Byrnes Message-ID: <20070802192946.GF1088@zaphod.nitro.dk> References: <200708012127.l71LRTd1068382@freefall.freebsd.org> <20070801171209.J70871@awww.jeah.net> <46B121AE.50808@FreeBSD.org> <20070802113257.P70883@awww.jeah.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20070802113257.P70883@awww.jeah.net> User-Agent: Mutt/1.5.16 (2007-06-09) Cc: freebsd-security@FreeBSD.org, Doug Barton Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:07.bind X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 19:29:48 -0000 On 2007.08.02 11:33:27 -0500, Chris Byrnes wrote: > On Wed, 1 Aug 2007, Doug Barton wrote: > >> Chris Byrnes wrote: >>> -I/usr/src/usr.sbin/named/../../lib/bind -U__DATE__ -o named os.o >>> aclconf.o builtin.o client.o config.o control.o controlconf.o >>> interfacemgr.o listenlist.o log.o logconf.o main.o notify.o query.o >>> server.o sortlist.o tkeyconf.o 
tsigconf.o update.o xfrout.o zoneconf.o >>> lwaddr.o lwresd.o lwdclient.o lwderror.o lwdgabn.o lwdgnba.o lwdgrbn.o >>> lwdnoop.o lwsearch.o ../../lib/bind/bind9/libbind9.a >>> ../../lib/bind/dns/libdns.a ../../lib/bind/isccc/libisccc.a >>> ../../lib/bind/isccfg/libisccfg.a ../../lib/bind/isc/libisc.a >>> ../../lib/bind/lwres/liblwres.a -lcrypto >>> ../../lib/bind/dns/libdns.a(resolver.o)(.text+0x5f25): In function >>> `validated': >>> : undefined reference to `dns_validator_send' >>> ../../lib/bind/dns/libdns.a(resolver.o)(.text+0x6061): In function >>> `validated': >>> : undefined reference to `dns_validator_send' >>> *** Error code 1 >>> >>> Stop in /usr/src/usr.sbin/named. >>> >>> >>> Anyone receiving the same? is a fix on the way? Please cc in replies. >>> Thank you so much! >> >> Could you please let us know what branch, platform, etc. that we're >> talking about here? >> >> Doug > > Doug, > > Thank you for your help. > > i386, 6.2-stable Then you should just update to the latest 6-stable via cvsup and you will get the fixed version. Actually, if you have upgraded since 2007-07-25 you will probably have the fixed version since dougb was very fast in committing the fixed version to the development branches. -- Simon L. 
Nielsen From owner-freebsd-security@FreeBSD.ORG Fri Aug 3 05:59:51 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5240C16A418 for ; Fri, 3 Aug 2007 05:59:51 +0000 (UTC) (envelope-from noc@webazilla.com) Received: from webazilla.com (relay1.webazilla.com [194.187.96.44]) by mx1.freebsd.org (Postfix) with ESMTP id 1006D13C4CE for ; Fri, 3 Aug 2007 05:59:50 +0000 (UTC) (envelope-from noc@webazilla.com) Received: from bill.webazilla.com ([88.85.67.199]) by webazilla.com with esmtps (TLSv1:AES256-SHA:256) (envelope-from ) id 1IGqCQ-0008db-Vc for freebsd-security@freebsd.org; Fri, 03 Aug 2007 07:59:49 +0200 Received: from " apache" by bill.webazilla.com with local (envelope-from ) id 1IGqCJ-000BEm-RQ for freebsd-security@freebsd.org; Fri, 03 Aug 2007 07:59:39 +0200 From: "WebaZilla - Support [kv]" In-Reply-To: <46B2C433.6080200@webazilla.com> References: <200708012127.l71LR0AZ068305@freefall.freebsd.org> <46B2088F.4020105@webazilla.com> <46B2C433.6080200@webazilla.com> Message-ID: Precedence: bulk X-RT-Loop-Prevention: tt RT-Ticket: tt #17465 Managed-by: RT 3.6.4 (http://www.bestpractical.com/rt/) RT-Originator: kv@webazilla.com To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-RT-Original-Encoding: utf-8 Date: Fri, 03 Aug 2007 07:59:39 +0200 X-Spam-Score: -18 X-Mailman-Approved-At: Fri, 03 Aug 2007 11:27:05 +0000 Subject: Re: [tt #17465] [Comment] FreeBSD Security Advisory FreeBSD-SA-07:06.tcpdump X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: noc@webazilla.com List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Aug 2007 05:59:51 -0000 Bezruk wrote: > This is a comment. 
It is not sent to the Requestor(s): > > On Thu Aug 02 18:39:00 2007, kv wrote: >> If you're near a computer, please take a look: on duty I took dhcpd down, and it won't come back up at all. The logs are completely silent; I suspect it's because of some security issues on this server. >> > > So what was it? A logic error