Date: Wed, 03 Apr 2013 12:48:40 +0300 From: Husnu Demir <hdemir@metu.edu.tr> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-13:04.bind Message-ID: <515BFAF8.4010205@metu.edu.tr> In-Reply-To: <201304021804.r32I4CAc046022@freefall.freebsd.org> References: <201304021804.r32I4CAc046022@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Merve, Bind kullandigimiz yerlerin guncellenmesini saglar misiniz? hdemir. On 02-04-2013 21:04, FreeBSD Security Advisories wrote: > ============================================================================= > > FreeBSD-SA-13:04.bind Security Advisory > The FreeBSD Project > > Topic: BIND remote denial of service > > Category: contrib Module: bind Announced: > 2013-04-02 Credits: Matthew Horsfall of Dyn, Inc. Affects: > FreeBSD 8.4-BETA1 and FreeBSD 9.x Corrected: 2013-03-28 > 05:35:46 UTC (stable/8, 8.4-BETA1) 2013-03-28 05:39:45 UTC > (stable/9, 9.1-STABLE) 2013-04-02 17:34:42 UTC (releng/9.0, > 9.0-RELEASE-p7) 2013-04-02 17:34:42 UTC (releng/9.1, > 9.1-RELEASE-p2) CVE Name: CVE-2013-2266 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and > the following sections, please visit > <URL:http://security.FreeBSD.org/>. > > I. Background > > BIND 9 is an implementation of the Domain Name System (DNS) > protocols. The named(8) daemon is an Internet Domain Name Server. > The libdns library is a library of DNS protocol support functions. > > II. Problem Description > > A flaw in a library used by BIND allows an attacker to > deliberately cause excessive memory consumption by the named(8) > process. This affects both recursive and authoritative servers. > > III. Impact > > A remote attacker can cause the named(8) daemon to consume all > available memory and crash, resulting in a denial of service. > Applications linked with the libdns library, for instance dig(1), > may also be affected. > > IV. Workaround > > No workaround is available, but systems not running named(8) > service and not using base system DNS utilities are not affected. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction > date. > > 2) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the > applicable FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify > the detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch # > fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch.asc # > gpg --verify bind.patch.asc > > b) Execute the following commands as root: > > # cd /usr/src # patch < /path/to/patch > > Recompile the operating system using buildworld and installworld > as described in > <URL:http://www.FreeBSD.org/handbook/makeworld.html>. > > Restart the named daemon, or reboot the system. > > 3) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: > > # freebsd-update fetch # freebsd-update install > > VI. Correction details > > The following list contains the revision numbers of each file that > was corrected in FreeBSD. > > Branch/path > Revision > ------------------------------------------------------------------------- > > stable/8/ r248807 > stable/9/ > r248808 releng/9.0/ > r249029 releng/9.1/ > r249029 > ------------------------------------------------------------------------- > > VII. References > > https://kb.isc.org/article/AA-00871 > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266 > > The latest revision of this advisory is available at > http://security.FreeBSD.org/advisories/FreeBSD-SA-13:04.bind.asc > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security To > unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQEcBAEBAgAGBQJRW/r4AAoJEISpBAM51qlEN58IAK74u4pPydC5kDSQlYeHKTG8 vt1Hzl8tfjfNzs9kKb4pDhirQzCjFlqXWoAtT88K1WU585deV1WJafPt5PpRQK+h SwPBqe1Wunou8ELzUisZq/jdF+vd2mgYP4Vq2WBUZUrwjPFXOJrlg5aAq919o42v h0QsiTVxD+FR3LJAg0bA/8FFyjZO/rFkstYZen9N6Mp1D4u46UgVLnK4HU1pMyfu s0m5A2yHcXv1dyEGOpfxStwk41ei82V+Ol56ioOj+vGSKfJ2+4MbUx7P89HwNJyC w/3NmY6HSDkHHYXjcoj2y+2yVcSF7st4Hfi6NJ32pPqMADzK1t/1ySaJn3bPkhQ= =YgI6 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?515BFAF8.4010205>