From owner-freebsd-security-notifications@FreeBSD.ORG Tue Jan 14 20:11:09 2014 Return-Path: Delivered-To: freebsd-security-notifications@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E9B4436E; Tue, 14 Jan 2014 20:11:08 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id C9D811D9C; Tue, 14 Jan 2014 20:11:08 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id s0EKB8Dt082607; Tue, 14 Jan 2014 20:11:08 GMT (envelope-from security-advisories@freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id s0EKB8rM082606; Tue, 14 Jan 2014 20:11:08 GMT (envelope-from security-advisories@freebsd.org) Date: Tue, 14 Jan 2014 20:11:08 GMT Message-Id: <201401142011.s0EKB8rM082606@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-14:01.bsnmpd Precedence: bulk X-BeenThere: freebsd-security-notifications@freebsd.org X-Mailman-Version: 2.1.17 Reply-To: freebsd-security@freebsd.org List-Id: "Moderated Security Notifications \[moderated, low volume\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2014 20:11:09 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:01.bsnmpd Security Advisory The FreeBSD Project Topic: bsnmpd remote denial of service vulnerability Category: contrib Module: bsnmp Announced: 2014-01-14 Credits: Dirk Meyer Affects: All supported versions of FreeBSD. Corrected: 2014-01-14 19:02:14 UTC (stable/10, 10.0-PRERELEASE) 2014-01-14 19:10:38 UTC (releng/10.0, 10.0-RELEASE) 2014-01-14 19:10:38 UTC (releng/10.0, 10.0-RC5-p1) 2014-01-14 19:10:38 UTC (releng/10.0, 10.0-RC4-p1) 2014-01-14 19:10:38 UTC (releng/10.0, 10.0-RC3-p1) 2014-01-14 19:10:38 UTC (releng/10.0, 10.0-RC2-p1) 2014-01-14 19:10:38 UTC (releng/10.0, 10.0-RC1-p1) 2014-01-14 19:17:20 UTC (stable/9, 9.2-STABLE) 2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3) 2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10) 2014-01-14 19:17:20 UTC (stable/8, 8.4-STABLE) 2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7) 2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14) CVE Name: CVE-2014-1452 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The bsnmpd is a simple and extensible SNMP daemon serves the Internet SNMP (Simple Network Management Protocol). II. Problem Description The bsnmpd(8) daemon is prone to a stack-based buffer-overflow when it has received a specifically crafted GETBULK PDU request. III. Impact This issue could be exploited to execute arbitrary code in the context of the service daemon, or crash the service daemon, causing a denial-of-service. IV. Workaround No workaround is available, but systems not running bsnmpd(8) are not vulnerable. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-14:01/bsnmpd.patch # fetch http://security.FreeBSD.org/patches/SA-14:01/bsnmpd.patch.asc # gpg --verify bsnmpd.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in . Restart the bsnmpd(8) daemons, or reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r260642 releng/8.3/ r260647 releng/8.4/ r260647 stable/9/ r260642 releng/9.1/ r260647 releng/9.2/ r260647 stable/10/ r260638 releng/10.0/ r260640 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJS1ZS6AAoJEO1n7NZdz2rnDXwP/1iQmuO8VLjZoD3LMpiHyA/i YgwjX5x9XT2MyVrRmu+nHaCG3ZDC4/IV72/jCzV8udQJ1RF6Aswhuk6mXI7oatol OYF27JnRVAJQjAvXw3zMsp4hLv631TvgO1Az1vK7f1pX8bDC/eBTaiCH7I6QBYGS E4Fsi2MwOWIRyglTjlFSL8Wb2yQmzkKCx/EVFF/6mRC7l3a9pkHf5VKQtut1KYFu 5QF5cG5anur4daP4w45yWsl0qkRDO5mJdpD+S3NtzydluWzz/Dk/0laS5wB+LLzV cXC5/GR/acQhO+MvDIDT4Emra2OXzsheEahOJhLKHsBF8pHBi5IldkVwQmme76/g aR1gLSFJ5LYcpAgBQgeWKXXCAol5zNRCR8v8IBnV2+rYRSrIdl5lstgVmla++xJD +bC7PbTqcLlyFGrMEvd/mAvX1PVa9BVYtaxXA5QZq5EHP7nsKotcAk7/kouVfmao Gdxlt7YjRic6D/WqF8RFiQv9ezpbEnMQ1BwOCSUEJasXlyxJXYA6vva7tyM3OmyD c2I9JLeV8aCUgIf3s+HoGcZhz01kmu9REQ/OEDtiN8kX94WOzpectf8V5g+JnxRd HoOfcvrChohL4nla+3RvG1LJo5KD5N09yHnV2y3LjxTdKu9Hw4ATzFwmPmEUqUfG eF12aO4PVp42wYWNHtGe =xZTc -----END PGP SIGNATURE----- From owner-freebsd-security-notifications@FreeBSD.ORG Tue Jan 14 20:11:13 2014 Return-Path: Delivered-To: freebsd-security-notifications@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4E8D3372; Tue, 14 Jan 2014 20:11:13 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 387391DA0; Tue, 14 Jan 2014 20:11:13 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id s0EKBDOJ082641; Tue, 14 Jan 2014 20:11:13 GMT (envelope-from security-advisories@freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id s0EKBDJi082640; Tue, 14 Jan 2014 20:11:13 GMT (envelope-from security-advisories@freebsd.org) Date: Tue, 14 Jan 2014 20:11:13 GMT Message-Id: <201401142011.s0EKBDJi082640@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-14:02.ntpd Precedence: bulk X-BeenThere: freebsd-security-notifications@freebsd.org X-Mailman-Version: 2.1.17 Reply-To: freebsd-security@freebsd.org List-Id: "Moderated Security Notifications \[moderated, low volume\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2014 20:11:13 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:02.ntpd Security Advisory The FreeBSD Project Topic: ntpd distributed reflection Denial of Service vulnerability Category: contrib Module: ntpd Announced: 2014-01-14 Affects: All supported versions of FreeBSD. Corrected: 2014-01-14 19:04:33 UTC (stable/10, 10.0-PRERELEASE) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RELEASE) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC5-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC4-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC3-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC2-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC1-p1) 2014-01-14 19:20:41 UTC (stable/9, 9.2-STABLE) 2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3) 2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10) 2014-01-14 19:20:41 UTC (stable/8, 8.4-STABLE) 2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7) 2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14) CVE Name: CVE-2013-5211 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source. II. Problem Description The ntpd(8) daemon supports a query 'monlist' which provides a history of recent NTP clients without any authentication. III. Impact An attacker can send 'monlist' queries and use that as an amplification of a reflection attack. IV. Workaround The administrator can implement one of the following possible workarounds to mitigate the attack: 1) Restrict access to ntpd(8). This can be done by adding the following lines to /etc/ntp.conf: restrict -4 default nomodify nopeer noquery notrap restrict -6 default nomodify nopeer noquery notrap restrict 127.0.0.1 restrict -6 ::1 restrict 127.127.1.0 And restart the ntpd(8) daemon. Time service is not affected and the administrator can still perform queries from local host. 2) Use IP based restrictions in ntpd(8) itself or in IP firewalls to restrict which systems can access ntpd(8). 3) Replace the base system ntpd(8) with net/ntp-devel (version 4.2.7p76 or newer) V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch # fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch.asc # gpg --verify ntpd.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in . Restart the ntpd(8) daemon, or reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Note that the patch would disable monitoring features of ntpd(8) daemon by default. If the feature is desirable, the administrator can choose to enable it and firewall access to ntpd(8) service. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r260641 releng/8.3/ r260647 releng/8.4/ r260647 stable/9/ r260641 releng/9.1/ r260647 releng/9.2/ r260647 stable/10/ r260639 releng/10.0/ r260641 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJS1ZTLAAoJEO1n7NZdz2rnn7YP/2DcBtR4LAlMLqa9t8WsFVrD zrfmitYv5xZ6TUGURfQ3mhF4Xv+vSaYt5AWphBjo/Um+dZLTrX3NXJyjLWenCFZ1 vUgoeT4czdh/sWXBO+BdahswttJ6uPO0ZPeW/TpczHMrfG++r6FZtcavYj1gWUPX rQUEh3IRT5MzzcdiIdQFOpi6OeOP7hem5pNOqYwjyy4L4wrgIUetaMpvqXgi2Wa+ R2vqQNpFAPxKkMkbohLEPRmEK9dXGXejQ7EHFK5jzxInyg32WGFPkJ46bLw3bEsB sIoh+sxQ3J9mxyaykhX6T7U7PUkzBaNSs62bQE5H8695E30obnZqtfon6qBP5UCT /kF1+42RIQIPJUFS22NXaUJVOkpd2zyVhwLxgCHg96PHwd1VAC0bnuB4CQt8lN2C vcOsFcq6CUpMuteURBeiETb0OGWTTT3gyX4T7N4kRKptvmEVUKxZPnmfJCwNHM2I TzM2HbHaBv9CMIy5X4iDQxLH3w3tSh+IHU6m9cN5rd6JDTa5DQEuRkhaeVbCGHRt EcSHvUCr+llacITA2rkm1/KPcP97nGgbbM2QbbUVZ/vkdEcImPfrBzrBbaoBzf5p FTplhJ/4bfF0/Kgt5GTNgQXqtIuEQOs+ljNu2HW+cAfX2Hizlo7jjfMxS0y7/fY2 hBdg8zuXs/rBI2LKUcP6 =7q6W -----END PGP SIGNATURE----- From owner-freebsd-security-notifications@FreeBSD.ORG Tue Jan 14 20:11:16 2014 Return-Path: Delivered-To: freebsd-security-notifications@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C97CE4CA; Tue, 14 Jan 2014 20:11:16 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id A9F671DF8; Tue, 14 Jan 2014 20:11:16 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id s0EKBGbd082678; Tue, 14 Jan 2014 20:11:16 GMT (envelope-from security-advisories@freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id s0EKBGRI082677; Tue, 14 Jan 2014 20:11:16 GMT (envelope-from security-advisories@freebsd.org) Date: Tue, 14 Jan 2014 20:11:16 GMT Message-Id: <201401142011.s0EKBGRI082677@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-14:03.openssl Precedence: bulk X-BeenThere: freebsd-security-notifications@freebsd.org X-Mailman-Version: 2.1.17 Reply-To: freebsd-security@freebsd.org List-Id: "Moderated Security Notifications \[moderated, low volume\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2014 20:11:16 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:03.openssl Security Advisory The FreeBSD Project Topic: OpenSSL multiple vulnerabilities Category: contrib Module: openssl Announced: 2014-01-14 Affects: FreeBSD 10.0 prior to 10.0-RC5 Corrected: 2014-01-07 20:04:41 UTC (stable/10, 10.0-PRERELEASE) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC5) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC4-p1) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC3-p1) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC2-p1) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC1-p1) CVE Name: CVE-2013-4353, CVE-2013-6449, CVE-2013-6450 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. Problem Description A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. [CVE-2013-4353] A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. [CVE-2013-6450] A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2. [CVE-2013-6449] III. Impact An attacker can send a specifically crafted packet that could cause an OpenSSL enabled application to crash, resulting in a Denial of Service. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-14:03/openssl.patch # fetch http://security.FreeBSD.org/patches/SA-14:03/openssl.patch.asc # gpg --verify openssl.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in . Restart all deamons using the library, or reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r260404 releng/10.0/ r260405 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJS1ZTSAAoJEO1n7NZdz2rnHboP/Ryb4a9ENJ7J/S00E8V1YToh hihrCKssMl6GVltS4oeyAmAW+mDx3DZy+RmAEhgjyAX4gpAxcY/g665j5BMtWAtV LLJTI9D6ynO7+2y8CeD3W7tk28hNtBPWSV+cGi7USQMKijs6euPocgTU7TnAuF/e /jcDTn8Sx/Sq0d3ecTWFBOcPHiq5sm/3pW5B1RVxY9DL+zhQ7T/Rb6pgfp6trssM p8dklzoBReHqs1iPUC4RyhWXOoQoq5VX500b9SHh2X/7eBSq1ab76VF3x+9VOpjj VRxL9sdkmp+iaVfMHxms3vCLSDlmpgYpq5SftL3jgkequPCpU6NFQGFQKw2crdL0 NY7dDPjMuvDzzdG7BZtt1mjpRMMMGmZ7fK0myP0+a3YbXEEZeAGT6k07er/xkGCr uTWyPNM4g3Ulwkfnz60TbFrdMdiCJbRVC9xxOkGEALe882v0WWGPhx9IVbT3dGVw KGFOXM+IqF55JuaHQ0u/B4wrjBfgBSgOt90TDyMJ5rPjiKG9wyUWnn7QziAVJQ0M 0H/82/2cxNX5+efWNi7xhss2fs1zcU3kiyr135mqamgOQyPG8jFOF7RhdpeGfzVk ollQG+y1uwVTAWhmVb4MSaAuJw8ixVuap73Rbyug+MuKRLgR2jSxHFiBeiHLA1eG 1+DWJPX0+/zoNakLiw+r =YOCY -----END PGP SIGNATURE----- From owner-freebsd-security-notifications@FreeBSD.ORG Tue Jan 14 20:11:19 2014 Return-Path: Delivered-To: freebsd-security-notifications@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D87B2768; Tue, 14 Jan 2014 20:11:19 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id B9D351DFD; Tue, 14 Jan 2014 20:11:19 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id s0EKBJQt082714; Tue, 14 Jan 2014 20:11:19 GMT (envelope-from security-advisories@freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id s0EKBJl3082713; Tue, 14 Jan 2014 20:11:19 GMT (envelope-from security-advisories@freebsd.org) Date: Tue, 14 Jan 2014 20:11:19 GMT Message-Id: <201401142011.s0EKBJl3082713@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-14:04.bind Precedence: bulk X-BeenThere: freebsd-security-notifications@freebsd.org X-Mailman-Version: 2.1.17 Reply-To: freebsd-security@freebsd.org List-Id: "Moderated Security Notifications \[moderated, low volume\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2014 20:11:19 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:04.bind Security Advisory The FreeBSD Project Topic: BIND remote denial of service vulnerability Category: contrib Module: bind Announced: 2014-01-14 Credits: ISC Affects: FreeBSD 8.x and FreeBSD 9.x Corrected: 2014-01-14 19:38:37 UTC (stable/9, 9.2-STABLE) 2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3) 2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10) 2014-01-14 19:38:37 UTC (stable/8, 8.4-STABLE) 2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7) 2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14) CVE Name: CVE-2014-0591 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. II. Problem Description Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. This issue only affects authoritative nameservers with at least one NSEC3-signed zone. Recursive-only servers are not at risk. III. Impact An attacker who can send a specially crafted query could cause named(8) to crash, resulting in a denial of service. IV. Workaround No workaround is available, but systems not running authoritative DNS service with at least one NSEC3-signed zone using named(8) are not vulnerable. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 8.3, 8.4, 9.1, 9.2-RELEASE and 8.4-STABLE] # fetch http://security.FreeBSD.org/patches/SA-14:04/bind-release.patch # fetch http://security.FreeBSD.org/patches/SA-14:04/bind-release.patch.asc # gpg --verify bind-release.patch.asc [FreeBSD 9.2-STABLE] # fetch http://security.FreeBSD.org/patches/SA-14:04/bind-stable-9.patch # fetch http://security.FreeBSD.org/patches/SA-14:04/bind-stable-9.patch.asc # gpg --verify bind-stable-9.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in . Restart the applicable daemons, or reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r260646 releng/8.3/ r260647 releng/8.4/ r260647 stable/9/ r260646 releng/9.1/ r260647 releng/9.2/ r260647 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJS1ZTYAAoJEO1n7NZdz2rnOvQP/2/68/s9Cu35PmqNtSZVVxVG ZSQP5EGWx/lramNf9566iKxOrLRMq/h3XWcC4goVd+gZFrvITJSVOWSa7ntDQ7TO XcinfRZ/iyiJbs/Rg2wLHc/t5oVSyeouyccqODYFbOwOlk35JjOTMUG1YcX+Zasg ax8RV+7Zt1QSBkMlOz/myBLXUjlTZ3Xg2FXVsfFQW5/g2CjuHpRSFx1bVNX6ysoG 9DT58EQcYxIS8WfkHRbbXKh9I1nSfZ7/Hky/kTafRdRMrjAgbqFgHkYTYsBZeav5 fYWKGQRJulYfeZQ90yMTvlpF42DjCC3uJYamJnwDIu8OhS1WRBI8fQfr9DRzmRua OK3BK9hUiScDZOJB6OqeVzUTfe7MAA4/UwrDtTYQ+PqAenv1PK8DZqwXyxA9ThHb zKO3OwuKOVHJnKvpOcr+eNwo7jbnHlis0oBksj/mrq2P9m2ueF9gzCiq5Ri5Syag Wssb1HUoMGwqU0roS8+pRpNC8YgsWpsttvUWSZ8u6Vj/FLeHpiV3mYXPVMaKRhVm 067BA2uj4Th1JKtGleox+Em0R7OFbCc/9aWC67wiqI6KRyit9pYiF3npph+7D5Eq 7zPsUdDd+qc+UTiLp3liCRp5w6484wWdhZO6wRtmUgxGjNkxFoNnX8CitzF8AaqO UWWemqWuz3lAZuORQ9KX =OQzQ -----END PGP SIGNATURE-----