Date: Thu, 2 Jun 2011 20:21:33 -0400
From: Ryan Steinmetz <rpsfa@rit.edu>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: misc/157548: [vuxml] BIND CVE-2011-1910
Message-ID: <20110603002133.GA43357@fast.rit.edu>
In-Reply-To: <201106022350.p52No5x7012804@freefall.freebsd.org>
References: <201106022346.p52NkpJt002624@red.freebsd.org> <201106022350.p52No5x7012804@freefall.freebsd.org>
[-- Attachment #1 --] Fix typo in discovery date. [-- Attachment #2 --] --- /tmp/vuln.xml 2011-06-02 16:50:35.000000000 -0400 +++ vuln.xml 2011-06-02 19:43:37.000000000 -0400 @@ -34,6 +34,53 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="1e1421f0-8d6f-11e0-89b4-001ec9578670"> + <topic>BIND -- Large RRSIG RRsets and Negative Caching DoS</topic> + <affects> + <package> + <name>bind9-sdb-ldap</name> + <name>bind9-sdb-postgresql</name> + <range><lt>9.4.3.4</lt></range> + </package> + <package> + <name>bind96</name> + <range><lt>9.6.3.1.ESV.R4.1</lt></range> + </package> + <package> + <name>bind97</name> + <range><lt>9.7.3.1</lt></range> + </package> + <package> + <name>bind98</name> + <range><lt>9.8.0.2</lt></range> + </package> + <system> + <name>FreeBSD</name> + <range><gt>7.3</gt><lt>7.3_6</lt></range> + <range><gt>7.4</gt><lt>7.4_2</lt></range> + <range><gt>8.1</gt><lt>8.1_4</lt></range> + <range><gt>8.2</gt><lt>8.2_2</lt></range> + </system> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ISC reports:</p> + <blockquote cite="http://www.isc.org/software/bind/advisories/cve-2011-1910"> + <p>A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache a response. This can cause the BIND 9 DNS server (named process) to crash.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2011-1910</cvename> + <freebsdsa>SA-11:02.bind</freebsdsa> + <url>http://www.isc.org/software/bind/advisories/cve-2011-1910</url> + </references> + <dates> + <discovery>2011-05-26</discovery> + <entry>2011-06-02</entry> + </dates> + </vuln> + <vuln vid="34ce5817-8d56-11e0-b5a2-6c626dd55a41"> <topic>asterisk -- Remote crash vulnerability</topic> <affects>
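Review bot: in the `<system>` block, all four FreeBSD ranges use an exclusive lower bound, for example `<range><gt>7.3</gt><lt>7.3_6</lt></range>`, so a host at exactly 7.3 with no patch level falls outside the range and would not be reported as affected. If the unpatched releases are meant to be covered, which the `<lt>7.3_6</lt>` upper bound suggests, change `<gt>` to `<ge>` for 7.3, 7.4, 8.1 and 8.2.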
