From: "Ernest Park"
Sender: ernest.park@airius.com
To: freebsd-bugs@FreeBSD.org
Date: Wed, 16 Jul 2008 21:32:05 -0400
Subject: Security Alert: : Response Requested
Message-ID: <6bd2e9fd0807161832w2cbf76d4h3a942550086c558a@mail.gmail.com>

*Attention :*

Our research shows that your project may be using BIND, and may be impacted by the vulnerabilities identified below.

Can you please provide a response regarding the impact of the BIND vulnerabilities on **? If you have a resolution, or feel that you are using an unaffected version of BIND, please confirm such.

Palamida's Research Group will report this issue within 24hrs.
Your information will be used to update information reported to US-CERT, NVD and Palamida's data library regarding this vulnerability within **.

1. What version of BIND is used?
2. What is the patch or resolution proposed?

*The project may be affected by the following software vulnerabilities reported by US-CERT and NVD.*

*Security Issue*: Project ** is suspected of using BIND. Versions other than *9.3.5-P1*, *9.4.3b2*, *9.5.0-P1*, *9.5.1b1, all released July 2008,* are considered potentially vulnerable to a number of identified exploits.

*Recommendation*: (from maintainer ISC) *"ISC has discovered or has been notified of several bugs which can result in vulnerabilities of varying levels of severity in BIND as distributed by ISC. Upgrading to the latest BIND version is strongly recommended."*

*Project*: **
*Project URL*: http://www.freebsd.org/
*Last Updated Date*: *2/27/08*
*Current Release*: 7.0

Please feel free to contact me immediately.

With Regards,

Ernest Park
VP, Research Group
Palamida, Inc.
http://palamida.com
http://gpl3.blogspot.com
203-856-7778

************************************************************************

Vulnerability version matrix (http://www.isc.org/index.pl?/sw/bind/bind-security.php):

 #  CVE number  short description
 0  1999-0833   Buffer overflow via NXT records.
 1  1999-0835   Denial of service via malformed SIG records.
 2  1999-0837   Denial of service by improperly closing TCP sessions via so_linger.
 3  1999-0848   Denial of service named via consuming more than "fdmax" file descriptors.
 4  1999-0849   Denial of service via maxdname.
 5  1999-0851   Denial of service via naptr.
 6  2000-0887   Denial of service by compressed zone transfer (ZXFR) request.
 7  2000-0888   Denial of service via SRV record.
 8  2001-0010   Buffer overflow in TSIG code allows root privileges.
 9  2001-0011   Buffer overflow in nslookupComplain allows root privileges.
10  2001-0012   Ability to access sensitive information such as environment variables.
11  2001-0013   Format string vulnerability in nslookupComplain allows root privileges.
12  2002-0029   Buffer overflows in resolver library allows execution of arbitrary code.
13  2002-0400   Denial of service via malformed DNS packet.
14  2002-0651   Buffer overflow in resolver code may cause a DoS and arbitrary code execution.
15  2002-1220   Denial of service via request for nonexistent subdomain using large OPT RR.
16  2002-1221   Denial of service via SIG RR elements with invalid expiry times.
17  2003-0914   Cache poisoning via negative responses with a large TTL value.
18  2005-0033   Buffer overflow in recursion and glue code allows denial of service.
19  2005-0034   Denial of service via crafted DNS packets causing internal self-check to fail.
20  2006-4095   Denial of service via certain SIG queries that return multiple RRsets.
21  2006-4096   Denial of service via a flood of recursive queries causing INSIST failure.
22  2007-0493   Denial of service via unspecified vectors that cause named to "dereference a freed fetch context."
23  2007-0494   Denial of service via ANY query response containing multiple RRsets.
24  2007-2241   Sequence of queries can cause a recursive nameserver to exit.
25  2007-2925   allow-query-cache/allow-recursion default acls not set.
26  2007-2926   cryptographically weak query ids
27  2007-2930   cryptographically weak query ids (BIND 8)
28  2008-0122   inet_network() off-by-one buffer overflow
29  2008-1447   DNS cache poisoning issue