From owner-freebsd-security@FreeBSD.ORG Fri Jul 26 11:40:40 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 53F1C3FE for ; Fri, 26 Jul 2013 11:40:40 +0000 (UTC) (envelope-from feld@freebsd.org) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 2A87523AA for ; Fri, 26 Jul 2013 11:40:40 +0000 (UTC) Received: from compute2.internal (compute2.nyi.mail.srv.osa [10.202.2.42]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 271FC2129F for ; Fri, 26 Jul 2013 07:40:35 -0400 (EDT) Received: from web3 ([10.202.2.213]) by compute2.internal (MEProxy); Fri, 26 Jul 2013 07:40:37 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:from:to:mime-version :content-transfer-encoding:content-type:subject:date; s=smtpout; bh=rPM0f0UyesldrTJpTObvG8USZvE=; b=n33omQql+8bt2avV5w1XMVq8512b VvSSahKVuWC5Alrv7qwT50SNCNYZGQzuDryUTnJE6WRsRLfgGATLvvc8yE/Uax29 sp/+fK+80ESdEWrzOneXW8GWOwyPJ2k/NXyughvm8XxM0PD3b3w9K9BVuTMvEcE1 UP2e/pO5Oo/s+5Y= Received: by web3.nyi.mail.srv.osa (Postfix, from userid 99) id 8C9D4B01D6D; Fri, 26 Jul 2013 07:40:35 -0400 (EDT) Message-Id: <1374838835.16740.1844463.72B1ED2B@webmail.messagingengine.com> X-Sasl-Enc: Qv03uXNTCSpoWVBXJZdDZB24KDO8qeJ6GmD3vLmF3nal 1374838835 From: Mark Felder To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-23e62cd3 Subject: nginx exploit / accept filters Date: Fri, 26 Jul 2013 06:40:35 -0500 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jul 2013 11:40:40 -0000 As described here: http://lists.grok.org.uk/pipermail/full-disclosure/2013-July/091084.html If I understand this correctly our accept filters will have zero effect on stopping this exploit, correct? From owner-freebsd-security@FreeBSD.ORG Fri Jul 26 18:03:09 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 22E3E829; Fri, 26 Jul 2013 18:03:09 +0000 (UTC) (envelope-from jmg@h2.funkthat.com) Received: from h2.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id EA363292A; Fri, 26 Jul 2013 18:03:08 +0000 (UTC) Received: from h2.funkthat.com (localhost [127.0.0.1]) by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id r6QI32Cp078547 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 26 Jul 2013 11:03:02 -0700 (PDT) (envelope-from jmg@h2.funkthat.com) Received: (from jmg@localhost) by h2.funkthat.com (8.14.3/8.14.3/Submit) id r6QI32XL078546; Fri, 26 Jul 2013 11:03:02 -0700 (PDT) (envelope-from jmg) Date: Fri, 26 Jul 2013 11:03:02 -0700 From: John-Mark Gurney To: Mark Felder Subject: Re: nginx exploit / accept filters Message-ID: <20130726180302.GQ26412@funkthat.com> Mail-Followup-To: Mark Felder , freebsd-security@freebsd.org References: <1374838835.16740.1844463.72B1ED2B@webmail.messagingengine.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1374838835.16740.1844463.72B1ED2B@webmail.messagingengine.com> User-Agent: Mutt/1.4.2.3i X-Operating-System: FreeBSD 7.2-RELEASE i386 X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88 9322 9CB1 8F74 6D3F A396 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (h2.funkthat.com [127.0.0.1]); Fri, 26 Jul 2013 11:03:02 -0700 (PDT) Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jul 2013 18:03:09 -0000 Mark Felder wrote this message on Fri, Jul 26, 2013 at 06:40 -0500: > As described here: > http://lists.grok.org.uk/pipermail/full-disclosure/2013-July/091084.html > > If I understand this correctly our accept filters will have zero effect > on stopping this exploit, correct? Depending upon where the overflow happens, it could make it even easier to exploit... If the overflow happens in the header part, then the http accept filter will make it even easier, and not require the attacker to do tricks at the TCP layer... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not." From owner-freebsd-security@FreeBSD.ORG Fri Jul 26 23:05:53 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id EB5E2CF1 for ; Fri, 26 Jul 2013 23:05:53 +0000 (UTC) (envelope-from roberto@keltia.freenix.fr) Received: from keltia.net (cl-90.mrs-01.fr.sixxs.net [IPv6:2a01:240:fe00:59::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id ADC282532 for ; Fri, 26 Jul 2013 23:05:53 +0000 (UTC) Received: from lonrach.local (foret.keltia.net [78.232.116.160]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: roberto) by keltia.net (Postfix) with ESMTPSA id 1BA1652AE for ; Sat, 27 Jul 2013 01:05:52 +0200 (CEST) Date: Sat, 27 Jul 2013 01:05:49 +0200 From: Ollivier Robert To: freebsd-security@freebsd.org Subject: bind9 and CVE-2013-4854 Message-ID: <20130726230549.GB64252@lonrach.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Operating-System: MacOS X / MBP 4,1 - FreeBSD 8.0 / T3500-E5520 Nehalem User-Agent: Mutt/1.5.21 (2010-09-15) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jul 2013 23:05:54 -0000 I have updated both dns/bind98 and dns/bind99 to fix CVE-2013-4854 as indicated in https://kb.isc.org/article/AA-01015/0 A specially crafted query that includes malformed rdata can cause named to terminate with an assertion failure while rejecting the malformed query. BIND 9.6 and BIND 9.6-ESV are unaffected by this problem. Earlier branches of BIND 9 are believed to be unaffected but have not been tested. BIND 10 is also unaffected by this issue. Please Note: All versions of BIND 9.7 are known to be affected, but these branches are beyond their "end of life" (EOL) and no longer receive testing or security fixes from ISC. For current information on which versions are actively supported, please see http://www.isc.org/downloads/software-support-policy/bind-software-status/. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr In memoriam to Ondine : http://ondine.keltia.net/ From owner-freebsd-security@FreeBSD.ORG Fri Jul 26 23:13:16 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id CB994E9C for ; Fri, 26 Jul 2013 23:13:16 +0000 (UTC) (envelope-from booloo@ucsc.edu) Received: from mail-qc0-x236.google.com (mail-qc0-x236.google.com [IPv6:2607:f8b0:400d:c01::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 8B4BF2585 for ; Fri, 26 Jul 2013 23:13:16 +0000 (UTC) Received: by mail-qc0-f182.google.com with SMTP id c11so808271qcv.41 for ; Fri, 26 Jul 2013 16:13:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ucsc.edu; s=ucsc-google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=HBs+am7bw+CPi2+y2Z5lFBIZEgYysxPuOuDpz3vV/IA=; b=Hgh2+P0cVMk5cm1Lsm8CMkd3pKqwS2xdwSbpLDAFKrcLYKG07J49KI05tH5jdP0f76 oaKvPfkUU3Vvo1Z9lunrm3K+d3HK9I0N5F7eW+DUbXt+vbjT1JH+6l3GoVzCNhVf6OGZ /Ji002ILFCGng1ESl8bwyq6H1kmmgrqivQaZE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=HBs+am7bw+CPi2+y2Z5lFBIZEgYysxPuOuDpz3vV/IA=; b=RLN2o+nBNUzczCBCJY/ftyCDbiBYSvSDE2wC+JM+lxmFgX/Kl7Dpc6yHpLB66Y5wJ5 sgFWDovhWPqCSuynCW+ymxS0HWTBqgHr2oKjXyBuPqa1lPkM24y55jjV78ORmDPt3IP1 BRbSP2V/NzmBDCmoJ+w2IfmSim0PZN6+2R/m7fvNOqo1lkbyUoouZ7hp9FD6GVgKywDX JukSM6DpQ3gCIPgVVsKX4r+jSs30ypSSs7IkwAQ8vTjJH5hlb9ImTO0Uoh0mxmycJfSS gf5In1s8zZm/JpBk54sFprdjgrpvKG7SA0JUOajvgABhiipbUe67+NGj0NZgaLsprgWV JzQA== MIME-Version: 1.0 X-Received: by 10.49.35.51 with SMTP id e19mr31555668qej.16.1374880395617; Fri, 26 Jul 2013 16:13:15 -0700 (PDT) Received: by 10.49.0.237 with HTTP; Fri, 26 Jul 2013 16:13:15 -0700 (PDT) In-Reply-To: <20130726230549.GB64252@lonrach.local> References: <20130726230549.GB64252@lonrach.local> Date: Fri, 26 Jul 2013 16:13:15 -0700 Message-ID: Subject: Re: bind9 and CVE-2013-4854 From: Mark Boolootian To: Ollivier Robert Content-Type: text/plain; charset=ISO-8859-1 X-Gm-Message-State: ALoCoQmCA/xBkL0gaL5Mvk//FSj4aibTHGgLGBDqYEAIrY5qE4mLev4gPgBjnm/FmvrirpvaCyh1 Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jul 2013 23:13:16 -0000 > I have updated both dns/bind98 and dns/bind99 to fix CVE-2013-4854 as indicated in > https://kb.isc.org/article/AA-01015/0 Thank you very much for that. Does this include the RRL/RPZ patches? mark From owner-freebsd-security@FreeBSD.ORG Sat Jul 27 03:41:28 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id DCA25D95; Sat, 27 Jul 2013 03:41:28 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id C97B42F0C; Sat, 27 Jul 2013 03:41:28 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r6R3fSBp019125; Sat, 27 Jul 2013 03:41:28 GMT (envelope-from security-advisories@freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r6R3fSA6019123; Sat, 27 Jul 2013 03:41:28 GMT (envelope-from security-advisories@freebsd.org) Date: Sat, 27 Jul 2013 03:41:28 GMT Message-Id: <201307270341.r6R3fSA6019123@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-13:07.bind Precedence: bulk X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Reply-To: freebsd-security@freebsd.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jul 2013 03:41:28 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:07.bind Security Advisory The FreeBSD Project Topic: BIND remote denial of service Category: contrib Module: bind Announced: 2013-07-26 Credits: Maxim Shudrak and the HP Zero Day Initiative, ISC Affects: FreeBSD 8.4-RELEASE and FreeBSD 9.x Corrected: 2013-07-26 22:53:17 UTC (stable/8, 8.4-STABLE) 2013-07-26 22:40:17 UTC (releng/8.4, 8.4-RELEASE-p2) 2013-07-26 22:43:09 UTC (stable/9, 9.2-BETA2) 2013-07-26 22:40:23 UTC (releng/9.1, 9.1-RELEASE-p5) CVE Name: CVE-2013-4854 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. The libdns library is a library of DNS protocol support functions. II. Problem Description Due to a software defect a specially crafted query which includes malformed rdata, could cause named(8) to crash with an assertion failure and rejecting the malformed query. This issue affects both recursive and authoritative-only nameservers. III. Impact An attacker who can send a specially crafted query could cause named(8) to crash, resulting in a denial of service. IV. Workaround No workaround is available, but systems not running the named(8) service and not using the base system DNS utilities are not affected. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-13:07/bind.patch # fetch http://security.FreeBSD.org/patches/SA-13:07/bind.patch.asc # gpg --verify bind.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in . Restart the named daemon, or reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r253696 releng/8.4/ r253692 stable/9/ r253695 releng/9.1/ r253693 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing XXXXXX with the revision number, on a machine with Subversion installed: # svn diff -cXXXXXX --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing XXXXXX with the revision number: VII. References https://kb.isc.org/article/AA-01015 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-13:07.bind.asc -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlHzPpMACgkQFdaIBMps37Jb2ACdFqaNTTBFiOCuz30MJ5s85UVd MzoAn2ebCjqULwyEbJaeTlck87NPfQWR =RFf2 -----END PGP SIGNATURE----- From owner-freebsd-security@FreeBSD.ORG Sat Jul 27 03:41:35 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 7318DD9A; Sat, 27 Jul 2013 03:41:35 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 5FFF32F11; Sat, 27 Jul 2013 03:41:35 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r6R3fZxp019168; Sat, 27 Jul 2013 03:41:35 GMT (envelope-from security-advisories@freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r6R3fZqI019166; Sat, 27 Jul 2013 03:41:35 GMT (envelope-from security-advisories@freebsd.org) Date: Sat, 27 Jul 2013 03:41:35 GMT Message-Id: <201307270341.r6R3fZqI019166@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-13:08.nfsserver Precedence: bulk X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Reply-To: freebsd-security@freebsd.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jul 2013 03:41:35 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:08.nfsserver Security Advisory The FreeBSD Project Topic: Incorrect privilege validation in the NFS server Category: core Module: nfsserver Announced: 2013-07-26 Credits: Rick Macklem, Christopher Key, Tim Zingelman Affects: FreeBSD 8.3, FreeBSD 9.0 and FreeBSD 9.1 Corrected: 2012-12-28 14:06:49 UTC (stable/9, 9.2-BETA2) 2013-07-26 22:40:23 UTC (releng/9.1, 9.1-RELEASE-p5) 2013-01-06 01:11:45 UTC (stable/8, 8.3-STABLE) 2013-07-26 22:40:29 UTC (releng/8.3, 8.3-RELEASE-p9) CVE Name: CVE-2013-4851 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The Network File System (NFS) allows a host to export some or all of its file systems so that other hosts can access them over the network and mount them as if they were on local disks. FreeBSD includes both server and client implementations of NFS. II. Problem Description The kernel incorrectly uses client supplied credentials instead of the one configured in exports(5) when filling out the anonymous credential for a NFS export, when -network or -host restrictions are used at the same time. III. Impact The remote client may supply privileged credentials (e.g. the root user) when accessing a file under the NFS share, which will bypass the normal access checks. IV. Workaround Systems that do not provide the NFS service are not vulnerable. Systems that do provide the NFS service are only vulnerable when -mapall or -maproot is used in combination with network and/or host restrictions. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-13:08/nfsserver.patch # fetch http://security.FreeBSD.org/patches/SA-13:08/nfsserver.patch.asc # gpg --verify nfsserver.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r245086 releng/8.3/ r253694 stable/9/ r244772 releng/9.1/ r253693 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing XXXXXX with the revision number, on a machine with Subversion installed: # svn diff -cXXXXXX --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing XXXXXX with the revision number: VII. References The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-13:08.nfsserver.asc -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlHzPrkACgkQFdaIBMps37I9YACfSu4orRhgOhol8vacW9kF3ZGP jtAAn0t2i14CMo1MT5MztI6RWX3hnUWZ =xjf/ -----END PGP SIGNATURE----- From owner-freebsd-security@FreeBSD.ORG Sat Jul 27 08:55:03 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 7C780D45 for ; Sat, 27 Jul 2013 08:55:03 +0000 (UTC) (envelope-from roberto@keltia.freenix.fr) Received: from keltia.net (cl-90.mrs-01.fr.sixxs.net [IPv6:2a01:240:fe00:59::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 3DE7A2CDA for ; Sat, 27 Jul 2013 08:55:03 +0000 (UTC) Received: from lonrach.local (foret.keltia.net [78.232.116.160]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: roberto) by keltia.net (Postfix) with ESMTPSA id CA77852B1; Sat, 27 Jul 2013 10:55:00 +0200 (CEST) Date: Sat, 27 Jul 2013 10:54:59 +0200 From: Ollivier Robert To: Mark Boolootian Subject: Re: bind9 and CVE-2013-4854 Message-ID: <20130727085458.GB68862@lonrach.local> References: <20130726230549.GB64252@lonrach.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Operating-System: MacOS X / MBP 4,1 - FreeBSD 8.0 / T3500-E5520 Nehalem User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jul 2013 08:55:03 -0000 According to Mark Boolootian: > Thank you very much for that. Does this include the RRL/RPZ patches? The -P1 patch seems to apply and run on the -P2 version (security patch is very isolated to one line). -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr In memoriam to Ondine : http://ondine.keltia.net/ From owner-freebsd-security@FreeBSD.ORG Sat Jul 27 09:46:25 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 2C34336E for ; Sat, 27 Jul 2013 09:46:25 +0000 (UTC) (envelope-from roberto@keltia.freenix.fr) Received: from keltia.net (cl-90.mrs-01.fr.sixxs.net [IPv6:2a01:240:fe00:59::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id DF4432DE2 for ; Sat, 27 Jul 2013 09:46:24 +0000 (UTC) Received: from lonrach.local (foret.keltia.net [78.232.116.160]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: roberto) by keltia.net (Postfix) with ESMTPSA id C02B352AE; Sat, 27 Jul 2013 11:46:21 +0200 (CEST) Date: Sat, 27 Jul 2013 11:46:20 +0200 From: Ollivier Robert To: Mathieu Arnold Subject: Re: bind9 and CVE-2013-4854 Message-ID: <20130727094619.GC68862@lonrach.local> References: <20130726230549.GB64252@lonrach.local> <20130727085458.GB68862@lonrach.local> <5A5E501DD129AD6413C499A6@atuin.in.mat.cc> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5A5E501DD129AD6413C499A6@atuin.in.mat.cc> X-Operating-System: MacOS X / MBP 4,1 - FreeBSD 8.0 / T3500-E5520 Nehalem User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Mark Boolootian , freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jul 2013 09:46:25 -0000 According to Mathieu Arnold: > There is a new patchset for both bind versions though. > http://ss.vix.su/~vjs/rrlrpz.html Excellent, will update. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr In memoriam to Ondine : http://ondine.keltia.net/ From owner-freebsd-security@FreeBSD.ORG Sat Jul 27 09:32:37 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 809002F4 for ; Sat, 27 Jul 2013 09:32:37 +0000 (UTC) (envelope-from mat@mat.cc) Received: from prod2.absolight.net (mx3.absolight.net [IPv6:2a01:678:2:100::25]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 432AA2DA6 for ; Sat, 27 Jul 2013 09:32:35 +0000 (UTC) Received: from prod2.absolight.net (localhost [127.0.0.1]) by prod2.absolight.net (Postfix) with ESMTP id C772CBDC1F; Sat, 27 Jul 2013 11:32:32 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mat.cc; h=date:from:to:cc :subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; s=plouf; bh=iqOG6AD1cGP eyHLLLGQ1L84lTns=; b=gXvgmUzrbNDR36Ow6pC25kbLKuRQe9eHkN9AgyLbWPE h+tESqeegamh725+EX3BE+pBQcIlwIeedOGMVM/PXgeisLCzkHesakYpdxSSY56n sDv0uqsJhzzxP2Xzzh0OQzB5rxxv2uW8Z95d4tNG5xattWB3KrKxdIpLyFj2AScc = Received: from atuin.in.mat.cc (atuin.in.mat.cc [79.143.241.205]) by prod2.absolight.net (Postfix) with ESMTPA id 9CAC0BDC1D; Sat, 27 Jul 2013 11:32:32 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by atuin.in.mat.cc (Postfix) with ESMTP id 44574C03153A; Sat, 27 Jul 2013 11:32:32 +0200 (CEST) Date: Sat, 27 Jul 2013 11:32:31 +0200 From: Mathieu Arnold To: Ollivier Robert , Mark Boolootian Subject: Re: bind9 and CVE-2013-4854 Message-ID: <5A5E501DD129AD6413C499A6@atuin.in.mat.cc> In-Reply-To: <20130727085458.GB68862@lonrach.local> References: <20130726230549.GB64252@lonrach.local> <20130727085458.GB68862@lonrach.local> X-Mailer: Mulberry/4.0.8 (Mac OS X) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Mailman-Approved-At: Sat, 27 Jul 2013 11:42:18 +0000 Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jul 2013 09:32:37 -0000 +--On 27 juillet 2013 10:54:59 +0200 Ollivier Robert wrote: | According to Mark Boolootian: |> Thank you very much for that. Does this include the RRL/RPZ patches? | | The -P1 patch seems to apply and run on the -P2 version (security patch | is very isolated to one line). There is a new patchset for both bind versions though. http://ss.vix.su/~vjs/rrlrpz.html -- Mathieu Arnold From owner-freebsd-security@FreeBSD.ORG Sat Jul 27 18:06:13 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 10E2026A for ; Sat, 27 Jul 2013 18:06:13 +0000 (UTC) (envelope-from plosher@plosh.net) Received: from mail-pd0-f177.google.com (mail-pd0-f177.google.com [209.85.192.177]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id D47B52EFB for ; Sat, 27 Jul 2013 18:06:12 +0000 (UTC) Received: by mail-pd0-f177.google.com with SMTP id u11so3983829pdi.8 for ; Sat, 27 Jul 2013 11:06:12 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-type:content-transfer-encoding:x-mailer :x-gm-message-state; bh=4E8bqKZBBTtD0yI179XUUjANrlzvNArTUto2KwvPUn4=; b=OM+eA+k/Wbp/+XgwRbzEX66HlgcM8E8OsME9WDWQO4fv2VqY5e3TMQucobG064GI0d rG9ieH7onrWcOiux/VE4BQf2k8oWhmhXVLfnp3dR9BCQ7GEa8uZvlkqdr+01UtXf7cP1 q2M+mL0NmEs3r77s6PLEV8r30Ygq8fT96j7EjOsmbBYp8cQ5SRRY5H9HfGYPsVZRn90X YOiw1f7uaPLkNNo9tCxLp+U9IfnBlfHp2T1YpYDscbw/RUdBJxRFmjBjrG2X+ibuVSGT mScawCHfD6A1SCeqwddsoOwFZJxXhWPfuNBTjkp4Hk2HddHb6skgBYFmvpjmEcPMEx7F xd2g== X-Received: by 10.68.235.103 with SMTP id ul7mr59917513pbc.14.1374948371941; Sat, 27 Jul 2013 11:06:11 -0700 (PDT) Received: from [10.0.42.18] (nat.sql1.plosh.net. [50.78.109.150]) by mx.google.com with ESMTPSA id r7sm10774475pao.18.2013.07.27.11.06.09 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Sat, 27 Jul 2013 11:06:10 -0700 (PDT) From: "Peter Losher" To: "Ollivier Robert" Subject: Re: bind9 and CVE-2013-4854 Date: Sat, 27 Jul 2013 11:06:09 -0700 Message-ID: <46029EF7-D574-4953-AE8D-4BA79F5295BB@plosh.net> In-Reply-To: <20130727085458.GB68862@lonrach.local> References: <20130726230549.GB64252@lonrach.local> <20130727085458.GB68862@lonrach.local> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Mailer: MailMate (1.6r3549) X-Gm-Message-State: ALoCoQmH6VgBDigTo/Ffl2KaxBfH4499mpO14KzaRPdC/rjCzN0z9GxuYQ3Hq1XY13YEUXFVLXaB Cc: Mark Boolootian , freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jul 2013 18:06:13 -0000 On 27 Jul 2013, at 1:54, Ollivier Robert wrote: > According to Mark Boolootian: >> Thank you very much for that. Does this include the RRL/RPZ patches? > > The -P1 patch seems to apply and run on the -P2 version (security > patch is very isolated to one line). Note that this week ISC have announced going forward that RRL will be integrated into the mainline BIND releases. Re: http://www.isc.org/blogs/isc-adds-ddos-defense-module-to-bind-software/ So the need for patches for RRL will be a moot point soon… ;) Best Wishes - Peter -- [ http://www.plosh.net/ ] - "Earth Halted: Please reboot to continue" From owner-freebsd-security@FreeBSD.ORG Sat Jul 27 21:08:18 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id C8A78AA3 for ; Sat, 27 Jul 2013 21:08:18 +0000 (UTC) (envelope-from roberto@keltia.freenix.fr) Received: from keltia.net (cl-90.mrs-01.fr.sixxs.net [IPv6:2a01:240:fe00:59::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 883142538 for ; Sat, 27 Jul 2013 21:08:18 +0000 (UTC) Received: from lonrach.local (foret.keltia.net [78.232.116.160]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: roberto) by keltia.net (Postfix) with ESMTPSA id 41AEA52AE; Sat, 27 Jul 2013 23:08:14 +0200 (CEST) Date: Sat, 27 Jul 2013 23:08:09 +0200 From: Ollivier Robert To: Peter Losher Subject: Re: bind9 and CVE-2013-4854 Message-ID: <20130727210809.GA70513@lonrach.local> References: <20130726230549.GB64252@lonrach.local> <20130727085458.GB68862@lonrach.local> <46029EF7-D574-4953-AE8D-4BA79F5295BB@plosh.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <46029EF7-D574-4953-AE8D-4BA79F5295BB@plosh.net> X-Operating-System: MacOS X / MBP 4,1 - FreeBSD 8.0 / T3500-E5520 Nehalem User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Mark Boolootian , freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jul 2013 21:08:18 -0000 According to Peter Losher: > Note that this week ISC have announced going forward that RRL will > be integrated into the mainline BIND releases. Excellent, thanks Peter! -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr In memoriam to Ondine : http://ondine.keltia.net/