From owner-freebsd-announce@FreeBSD.ORG Wed Sep 28 09:05:51 2011 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 337581065672; Wed, 28 Sep 2011 09:05:51 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 081B68FC14; Wed, 28 Sep 2011 09:05:51 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p8S95okp098554; Wed, 28 Sep 2011 09:05:50 GMT (envelope-from security-advisories@freebsd.org) Received: (from cperciva@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p8S95ofh098553; Wed, 28 Sep 2011 09:05:50 GMT (envelope-from security-advisories@freebsd.org) Date: Wed, 28 Sep 2011 09:05:50 GMT Message-Id: <201109280905.p8S95ofh098553@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: cperciva set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Precedence: bulk Cc: Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-11:03.bind X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: freebsd-security@freebsd.org List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Sep 2011 09:05:51 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:03.bind Security Advisory The FreeBSD Project Topic: Remote packet Denial of Service against named(8) servers Category: contrib Module: bind Announced: 2011-09-28 Credits: Roy Arends Affects: 8.2-STABLE after 2011-05-28 and prior to the correction date Corrected: 2011-07-06 00:50:54 UTC (RELENG_8, 8.2-STABLE) CVE Name: CVE-2011-2464 Note: This advisory concerns a vulnerability which existed only in the FreeBSD 8-STABLE branch and was fixed over two months prior to the date of this advisory. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. II. Problem Description A logic error in the BIND code causes the BIND daemon to accept bogus data, which could cause the daemon to crash. III. Impact An attacker able to send traffic to the BIND daemon can cause it to crash, resulting in a denial of service. IV. Workaround No workaround is available, but systems not running the BIND name server are not affected. V. Solution Upgrade your vulnerable system to 8-STABLE dated after the correction date. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_8 src/contrib/bind9/lib/dns/message.c 1.3.2.3 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r223815 - ------------------------------------------------------------------------- VII. References http://www.isc.org/software/bind/advisories/cve-2011-2464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-11:03.bind.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk6C4CYACgkQFdaIBMps37LwQgCeIDVGsCWOLoVdmWogOOaPC1UG 9G8AoJPlRbNmkEWMg7uoOYrvjWlRRdlK =aUvD -----END PGP SIGNATURE-----