From owner-freebsd-security@FreeBSD.ORG Wed Aug 1 22:39:57 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AF1DE16A420 for ; Wed, 1 Aug 2007 22:39:57 +0000 (UTC) (envelope-from chris@JEAH.net) Received: from awww.jeah.net (awww.jeah.net [208.98.20.9]) by mx1.freebsd.org (Postfix) with ESMTP id 50EE513C4B0 for ; Wed, 1 Aug 2007 22:39:57 +0000 (UTC) (envelope-from chris@JEAH.net) Received: from awww.jeah.net (localhost.jeah.net [127.0.0.1]) by awww.jeah.net (8.13.8/8.14.1) with ESMTP id l71MD831074095 for ; Wed, 1 Aug 2007 17:13:08 -0500 (CDT) (envelope-from chris@JEAH.net) Received: from localhost (chris@localhost) by awww.jeah.net (8.13.8/8.12.2/Submit) with ESMTP id l71MD8rb074092 for ; Wed, 1 Aug 2007 17:13:08 -0500 (CDT) X-Authentication-Warning: awww.jeah.net: chris owned process doing -bs Date: Wed, 1 Aug 2007 17:13:08 -0500 (CDT) From: Chris Byrnes To: freebsd-security@freebsd.org In-Reply-To: <200708012127.l71LRTd1068382@freefall.freebsd.org> Message-ID: <20070801171209.J70871@awww.jeah.net> References: <200708012127.l71LRTd1068382@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.2.1 X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on awww.jeah.net X-Mailman-Approved-At: Wed, 01 Aug 2007 23:18:46 +0000 Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:07.bind X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 22:39:57 -0000 -I/usr/src/usr.sbin/named/../../lib/bind -U__DATE__ -o named os.o aclconf.o builtin.o client.o config.o control.o controlconf.o interfacemgr.o listenlist.o log.o logconf.o main.o notify.o query.o server.o sortlist.o tkeyconf.o tsigconf.o update.o xfrout.o zoneconf.o lwaddr.o lwresd.o lwdclient.o lwderror.o lwdgabn.o lwdgnba.o lwdgrbn.o lwdnoop.o lwsearch.o ../../lib/bind/bind9/libbind9.a ../../lib/bind/dns/libdns.a ../../lib/bind/isccc/libisccc.a ../../lib/bind/isccfg/libisccfg.a ../../lib/bind/isc/libisc.a ../../lib/bind/lwres/liblwres.a -lcrypto ../../lib/bind/dns/libdns.a(resolver.o)(.text+0x5f25): In function `validated': : undefined reference to `dns_validator_send' ../../lib/bind/dns/libdns.a(resolver.o)(.text+0x6061): In function `validated': : undefined reference to `dns_validator_send' *** Error code 1 Stop in /usr/src/usr.sbin/named. Anyone receiving the same? is a fix on the way? Please cc in replies. Thank you so much! Chris On Wed, 1 Aug 2007, FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ============================================================================= > FreeBSD-SA-07:07.bind Security Advisory > The FreeBSD Project > > Topic: Predictable query ids in named(8) > > Category: contrib > Module: bind > Announced: 2007-08-01 > Credits: Amit Klein > Affects: FreeBSD 5.3 and later. > Corrected: 2007-07-25 08:23:08 UTC (RELENG_6, 6.2-STABLE) > 2007-08-01 20:44:58 UTC (RELENG_6_2, 6.2-RELEASE-p7) > 2007-08-01 20:45:49 UTC (RELENG_6_1, 6.1-RELEASE-p19) > 2007-07-25 08:24:40 UTC (RELENG_5, 5.5-STABLE) > 2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15) > CVE Name: CVE-2007-2926 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . > > I. Background > > BIND 9 is an implementation of the Domain Name System (DNS) protocols. > The named(8) daemon is an Internet Domain Name Server. DNS requests > contain a query id which is used match a DNS request with the response > and to make it harder for anybody but the DNS server which received the > request to send a valid response. > > II. Problem Description > > When named(8) is operating as a recursive DNS server or sending NOTIFY > requests to slave DNS servers, named(8) uses a predictable query id. > > III. Impact > > An attacker who can see the query id for some request(s) sent by named(8) > is likely to be able to perform DNS cache poisoning by predicting the > query id for other request(s). > > IV. Workaround > > No workaround is available. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the > RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the > correction date. > > 2) To patch your present system: > > The following patches have been verified to apply to FreeBSD 5.5, 6.1, > and 6.2 systems. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-07:07/bind.patch > # fetch http://security.FreeBSD.org/patches/SA-07:07/bind.patch.asc > > b) Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > # cd /usr/src/lib/bind > # make obj && make depend && make && make install > # cd /usr/src/usr.sbin/named > # make obj && make depend && make && make install > > VI. Correction details > > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > Branch Revision > Path > - ------------------------------------------------------------------------- > RELENG_5 > src/contrib/bind9/bin/named/client.c 1.1.1.1.2.5 > src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.2.3 > src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.2.2 > RELENG_5_5 > src/UPDATING 1.342.2.35.2.15 > src/sys/conf/newvers.sh 1.62.2.21.2.17 > src/contrib/bind9/bin/named/client.c 1.1.1.1.2.3.2.1 > src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.2.1.6.1 > src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.2.1.6.1 > RELENG_6 > src/contrib/bind9/bin/named/client.c 1.1.1.2.2.3 > src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.4.2 > src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.4.1 > RELENG_6_2 > src/UPDATING 1.416.2.29.2.10 > src/sys/conf/newvers.sh 1.69.2.13.2.10 > src/contrib/bind9/bin/named/client.c 1.1.1.2.2.1.4.2 > src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.10.2 > src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.10.1 > RELENG_6_1 > src/UPDATING 1.416.2.22.2.21 > src/sys/conf/newvers.sh 1.69.2.11.2.21 > src/contrib/bind9/bin/named/client.c 1.1.1.2.2.1.2.1 > src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.8.1 > src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.8.1 > - ------------------------------------------------------------------------- > > VII. References > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926 > http://www.isc.org/sw/bind/bind-security.php > http://www.trusteer.com/docs/bind9dns_s.html > > The latest revision of this advisory is available at > http://security.FreeBSD.org/advisories/FreeBSD-SA-07:07.bind.asc > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (FreeBSD) > > iD8DBQFGsPfzFdaIBMps37IRAgIfAJ9cO2LUUc0eb8T+6pltpha91wR2IgCeITpx > H3SHyAkPMSICqnT9nY/UBE8= > =Fop4 > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-security-notifications@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications > To unsubscribe, send any mail to "freebsd-security-notifications-unsubscribe@freebsd.org" >