Date:      Tue, 07 Aug 2012 08:15:54 +0200
From:      Andrea Venturoli <ml@netfence.it>
To:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-12:05.bind
Message-ID:  <5020B29A.4010304@netfence.it>
In-Reply-To: <201208062212.q76MC5fc015846@freefall.freebsd.org>
References:  <201208062212.q76MC5fc015846@freefall.freebsd.org>

On 08/07/12 00:12, FreeBSD Security Advisories wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =============================================================================
> FreeBSD-SA-12:05.bind                                       Security Advisory
>                                                            The FreeBSD Project
>
> Topic:          named(8) DNSSEC validation Denial of Service
>
> Category:       contrib
> Module:         bind
> Announced:      2012-08-06
> Credits:        Einar Lonn of IIS.se
> Affects:        All supported versions of FreeBSD
> Corrected:      2012-08-06 21:33:11 UTC (RELENG_7, 7.4-STABLE)
>                  2012-08-06 21:33:11 UTC (RELENG_7_4, 7.4-RELEASE-p10)
>                  2012-07-24 19:04:35 UTC (RELENG_8, 8.3-STABLE)
>                  2012-08-06 21:33:11 UTC (RELENG_8_3, 8.3-RELEASE-p4)
>                  2012-08-06 21:33:11 UTC (RELENG_8_2, 8.2-RELEASE-p10)
>                  2012-08-06 21:33:11 UTC (RELENG_8_1, 8.1-RELEASE-p13)
>                  2012-07-24 22:32:03 UTC (RELENG_9, 9.1-PRERELEASE)
>                  2012-08-06 21:33:11 UTC (RELENG_9_0, 9.0-RELEASE-p4)
> CVE Name:       CVE-2012-3817
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:http://security.FreeBSD.org/>.
>
> I.   Background
>
> BIND 9 is an implementation of the Domain Name System (DNS) protocols.
> The named(8) daemon is an Internet Domain Name Server.
>
> DNS Security Extensions (DNSSEC) provides data integrity, origin
> authentication and authenticated denial of existence to resolvers.

So, a system where "cat /etc/namedb/named.conf |grep -i dnssec" returns 
nothing should not be vulnerable.

Could you confirm this?

  bye & Thanks
	av.


