From owner-freebsd-security@FreeBSD.ORG Tue Aug 7 06:18:15 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 34FD8106566C for ; Tue, 7 Aug 2012 06:18:15 +0000 (UTC) (envelope-from ml@netfence.it) Received: from cp-out9.libero.it (cp-out9.libero.it [212.52.84.109]) by mx1.freebsd.org (Postfix) with ESMTP id A437E8FC0A for ; Tue, 7 Aug 2012 06:18:14 +0000 (UTC) X-CTCH-Spam: Unknown X-CTCH-RefID: str=0001.0A0B0207.5020B2A4.013F,ss=1,re=0.000,fgs=0 X-libjamoibt: 1555 Received: from soth.ventu (151.41.130.228) by cp-out9.libero.it (8.5.133) id 4FD1B523099A3715 for freebsd-security@freebsd.org; Tue, 7 Aug 2012 08:16:04 +0200 Received: from alamar.ventu (alamar.ventu [10.1.2.18]) by soth.ventu (8.14.5/8.14.5) with ESMTP id q776FsXa082232 for ; Tue, 7 Aug 2012 08:15:54 +0200 (CEST) (envelope-from ml@netfence.it) Message-ID: <5020B29A.4010304@netfence.it> Date: Tue, 07 Aug 2012 08:15:54 +0200 From: Andrea Venturoli User-Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:14.0) Gecko/20120727 Thunderbird/14.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org References: <201208062212.q76MC5fc015846@freefall.freebsd.org> In-Reply-To: <201208062212.q76MC5fc015846@freefall.freebsd.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.73 on 10.1.2.13 Subject: Re: FreeBSD Security Advisory FreeBSD-SA-12:05.bind X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Aug 2012 06:18:15 -0000 On 08/07/12 00:12, FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ============================================================================= > FreeBSD-SA-12:05.bind Security Advisory > The FreeBSD Project > > Topic: named(8) DNSSEC validation Denial of Service > > Category: contrib > Module: bind > Announced: 2012-08-06 > Credits: Einar Lonn of IIS.se > Affects: All supported versions of FreeBSD > Corrected: 2012-08-06 21:33:11 UTC (RELENG_7, 7.4-STABLE) > 2012-08-06 21:33:11 UTC (RELENG_7_4, 7.4-RELEASE-p10) > 2012-07-24 19:04:35 UTC (RELENG_8, 8.3-STABLE) > 2012-08-06 21:33:11 UTC (RELENG_8_3, 8.3-RELEASE-p4) > 2012-08-06 21:33:11 UTC (RELENG_8_2, 8.2-RELEASE-p10) > 2012-08-06 21:33:11 UTC (RELENG_8_1, 8.1-RELEASE-p13) > 2012-07-24 22:32:03 UTC (RELENG_9, 9.1-PRERELEASE) > 2012-08-06 21:33:11 UTC (RELENG_9_0, 9.0-RELEASE-p4) > CVE Name: CVE-2012-3817 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . > > I. Background > > BIND 9 is an implementation of the Domain Name System (DNS) protocols. > The named(8) daemon is an Internet Domain Name Server. > > DNS Security Extensions (DNSSEC) provides data integrity, origin > authentication and authenticated denial of existence to resolvers. So, a system where "cat /etc/namedb/named.conf |grep -i dnssec" returns nothing should not be vulnerable. Could you confirm this? bye & Thanks av.