Date: Tue, 5 Jul 2011 16:27:55 GMT
From: Ryan Steinmetz <rpsfa@rit.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/158672: [vuxml] BIND CVE-2011-2464 + CVE-2011-2465
Message-ID: <201107051627.p65GRteB025743@red.freebsd.org>
Resent-Message-ID: <201107051630.p65GU9wf001109@freefall.freebsd.org>
>Number: 158672 >Category: misc >Synopsis: [vuxml] BIND CVE-2011-2464 + CVE-2011-2465 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Jul 05 16:30:09 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Ryan Steinmetz >Release: 8.2-RELEASE >Organization: Rochester Institute of Technology >Environment: >Description: -Document vulnerabilities in dns/bind96, dns/bind97 and dns/bind98 as well as FreeBSD versions affected by these CVEs -CVE-2011-2464 and CVE-2011-2465 -Please be aware that this PR relies on the creation of FreeBSD-SA-11:03.bind >How-To-Repeat: >Fix: Patch attached with submission follows: Index: vuln.xml =================================================================== RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.2396 diff -u -r1.2396 vuln.xml --- vuln.xml 3 Jul 2011 13:32:49 -0000 1.2396 +++ vuln.xml 5 Jul 2011 16:19:59 -0000 
@@ -34,6 +34,79 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="4ccee784-a721-11e0-89b4-001ec9578670"> + <topic>BIND -- Remote DoS with certain RPZ configurations</topic> + <affects> + <package> + <name>bind98</name> + <range><lt>9.8.0.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ISC reports:</p> + <blockquote cite="http://www.isc.org/software/bind/advisories/cve-2011-2465"> + <p>Two defects were discovered in ISC's BIND 9 code. These defects only affect BIND 9 + servers which have recursion enabled and which use a specific feature of the software + known as Response Policy Zones (RPZ) and where the RPZ zone contains a specific + rule/action pattern.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2011-2465</cvename> + <url>http://www.isc.org/software/bind/advisories/cve-2011-2465</url> + </references> + <dates> + <discovery>2011-07-05</discovery> + <entry>2011-07-05</entry> + </dates> + </vuln> + + <vuln vid="fd64188d-a71d-11e0-89b4-001ec9578670"> + <topic>BIND -- Remote DoS against authoritative and recursive servers</topic> + <affects> + <package> + <name>bind96</name> + <range><lt>9.6.3.1.ESV.R4.3</lt></range> + </package> + <package> + <name>bind97</name> + <range><lt>9.7.3.3</lt></range> + </package> + <package> + <name>bind98</name> + <range><lt>9.8.0.4</lt></range> + </package> + <system> + <name>FreeBSD</name> + <range><gt>7.3</gt><lt>7.3_7</lt></range> + <range><gt>7.4</gt><lt>7.4_3</lt></range> + <range><gt>8.1</gt><lt>8.1_5</lt></range> + <range><gt>8.2</gt><lt>8.2_3</lt></range> + </system> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ISC reports:</p> + <blockquote cite="http://www.isc.org/software/bind/advisories/cve-2011-2464"> + <p>A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" + process to exit using a specially crafted packet.</p> + <p>This defect affects 
both recursive and authoritative servers.</p> + </blockquote> + </body> + </description> + <references> + <freebsdsa>SA-11:03.bind</freebsdsa> + <cvename>CVE-2011-2464</cvename> + <url>http://www.isc.org/software/bind/advisories/cve-2011-2464</url> + </references> + <dates> + <discovery>2011-07-05</discovery> + <entry>2011-07-05</entry> + </dates> + </vuln> + <vuln vid="7e4e5c53-a56c-11e0-b180-00216aa06fc2"> <topic>phpmyadmin -- multiple vulnerabilities</topic> <affects> >Release-Note: >Audit-Trail: >Unformatted:
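Review bot: The four `<system>` ranges in the second entry (vid fd64188d-a71d-11e0-89b4-001ec9578670) use a strict lower bound, e.g. `<range><gt>7.3</gt><lt>7.3_7</lt></range>`, which leaves out the base release itself (7.3, 7.4, 8.1 and 8.2 with no patch level); use `<ge>` for the lower bound in each of the four ranges so an unpatched release matches. In the first entry, the topic says "Remote DoS" while the quoted ISC text only describes the affected configuration (recursion enabled plus a specific RPZ rule/action pattern) and never states the effect; if the advisory has a sentence stating the impact, quote it in the blockquote as well. The `<freebsdsa>SA-11:03.bind</freebsdsa>` reference depends on the advisory that the PR description says still has to be created, so this should not be committed before that advisory exists.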