Date: Tue, 07 Aug 2012 08:15:54 +0200 From: Andrea Venturoli <ml@netfence.it> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-12:05.bind Message-ID: <5020B29A.4010304@netfence.it> In-Reply-To: <201208062212.q76MC5fc015846@freefall.freebsd.org> References: <201208062212.q76MC5fc015846@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 08/07/12 00:12, FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ============================================================================= > FreeBSD-SA-12:05.bind Security Advisory > The FreeBSD Project > > Topic: named(8) DNSSEC validation Denial of Service > > Category: contrib > Module: bind > Announced: 2012-08-06 > Credits: Einar Lonn of IIS.se > Affects: All supported versions of FreeBSD > Corrected: 2012-08-06 21:33:11 UTC (RELENG_7, 7.4-STABLE) > 2012-08-06 21:33:11 UTC (RELENG_7_4, 7.4-RELEASE-p10) > 2012-07-24 19:04:35 UTC (RELENG_8, 8.3-STABLE) > 2012-08-06 21:33:11 UTC (RELENG_8_3, 8.3-RELEASE-p4) > 2012-08-06 21:33:11 UTC (RELENG_8_2, 8.2-RELEASE-p10) > 2012-08-06 21:33:11 UTC (RELENG_8_1, 8.1-RELEASE-p13) > 2012-07-24 22:32:03 UTC (RELENG_9, 9.1-PRERELEASE) > 2012-08-06 21:33:11 UTC (RELENG_9_0, 9.0-RELEASE-p4) > CVE Name: CVE-2012-3817 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:http://security.FreeBSD.org/>. > > I. Background > > BIND 9 is an implementation of the Domain Name System (DNS) protocols. > The named(8) daemon is an Internet Domain Name Server. > > DNS Security Extensions (DNSSEC) provides data integrity, origin > authentication and authenticated denial of existence to resolvers. So, a system where "cat /etc/namedb/named.conf |grep -i dnssec" returns nothing should not be vulnerable. Could you confirm this? bye & Thanks av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5020B29A.4010304>