Date:      Wed, 26 Nov 2003 19:11:30 -0600
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        freebsd-security@freebsd.org
Subject:   HEADS-UP: BIND denial-of-service vulnerability
Message-ID:  <20031127011130.GA80820@madman.celabo.org>


Hello Everyone,

ISC has released new versions of BIND 8 which address a remotely
exploitable denial-of-service vulnerability that may allow an attacker
to perform `negative cache poisoning'--- convincing a name server that
certain RRs do not exist (even though they may).  I do not know of any
workaround at this time.

I have committed fixes to the RELENG_5_1 and RELENG_4_9 security
branches.  Due to personal obligations this evening [*], I will
likely not update RELENG_4_8 and RELENG_4_7 until sometime tomorrow.
Likewise, the advisory will follow tomorrow.  However, you can find
patches at the following URLs:

[FreeBSD -CURRENT, -STABLE, 4.9]
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch.asc

[FreeBSD 5.1, 4.8]
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch.asc

[FreeBSD 4.7, 4.6, 4.5, 4.4]
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch.asc

(If you don't find them at ftp.freebsd.org, try ftp2.freebsd.org.)

I expect Doug Barton will upgrade BIND 8 in -STABLE and -CURRENT
tonight or tomorrow.

Cheers,
-- 
Jacques Vidrine   NTT/Verio SME      FreeBSD UNIX       Heimdal
nectar@celabo.org jvidrine@verio.net nectar@freebsd.org nectar@kth.se


[*] Happy Thanksgiving to those celebrating it, by the way!


----- Forwarded message from Jacques Vidrine <nectar@FreeBSD.org> -----

Date: Wed, 26 Nov 2003 16:54:53 -0800 (PST)
From: Jacques Vidrine <nectar@FreeBSD.org>
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src UPDATING src/sys/conf newvers.sh src/contrib/bind
         Version src/contrib/bind/bin/named ns_resp.c
Message-Id: <200311270054.hAR0srnr052777@repoman.freebsd.org>

nectar      2003/11/26 16:54:53 PST

  FreeBSD src repository

  Modified files:        (Branch: RELENG_5_1)
    .                    UPDATING
    sys/conf             newvers.sh
    contrib/bind         Version
    contrib/bind/bin/named ns_resp.c
  Log:
  Correct a remote denial-of-service attack in named(8).

  Revision      Changes    Path
  1.251.2.13    +3 -0      src/UPDATING
  1.1.1.11.2.1  +1 -1      src/contrib/bind/Version
  1.1.1.11.2.1  +9 -3      src/contrib/bind/bin/named/ns_resp.c
  1.50.2.13     +1 -1      src/sys/conf/newvers.sh


----- End forwarded message -----
----- Forwarded message from Jacques Vidrine <nectar@FreeBSD.org> -----

Date: Wed, 26 Nov 2003 16:56:06 -0800 (PST)
From: Jacques Vidrine <nectar@FreeBSD.org>
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src UPDATING src/sys/conf newvers.sh src/contrib/bind
         Version src/contrib/bind/bin/named ns_resp.c
Message-Id: <200311270056.hAR0u62k052941@repoman.freebsd.org>

nectar      2003/11/26 16:56:06 PST

  FreeBSD src repository

  Modified files:        (Branch: RELENG_4_9)
    .                    UPDATING
    sys/conf             newvers.sh
    contrib/bind         Version
    contrib/bind/bin/named ns_resp.c
  Log:
  Correct a remote denial-of-service attack in named(8).

  Revision          Changes    Path
  1.73.2.89.2.2     +12 -0     src/UPDATING
  1.1.1.3.2.9.2.1   +1 -1      src/contrib/bind/Version
  1.1.1.2.2.10.2.1  +9 -3      src/contrib/bind/bin/named/ns_resp.c
  1.44.2.32.2.2     +1 -1      src/sys/conf/newvers.sh


----- End forwarded message -----

