From owner-freebsd-security@FreeBSD.ORG Wed Feb 16 14:18:51 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 63FB81065670 for ; Wed, 16 Feb 2011 14:18:51 +0000 (UTC) (envelope-from Eric_vanGyzen@McAfee.com) Received: from dalsmrelay2.nai.com (dalsmrelay2.nai.com [205.227.136.216]) by mx1.freebsd.org (Postfix) with ESMTP id 2C8E48FC17 for ; Wed, 16 Feb 2011 14:18:50 +0000 (UTC) Received: from (unknown [10.64.5.52]) by dalsmrelay2.nai.com with smtp (TLS: TLSv1/SSLv3,128bits,AES128-SHA) id 29f9_22c8_3be0df80_39d6_11e0_bfb2_00219b929abd; Wed, 16 Feb 2011 14:08:31 +0000 Received: from AMERDALEXMB1.corp.nai.org ([fe80::387d:3d79:ad3b:b517]) by DALEXHT2.corp.nai.org ([::1]) with mapi; Wed, 16 Feb 2011 08:07:02 -0600 From: To: Date: Wed, 16 Feb 2011 08:07:00 -0600 Thread-Topic: BIND 9.7.3 -- TCP DoS in SO_ACCEPTFILTER Thread-Index: AcvN4sevZLfN1tQ5Tz6f38POuR4Bqw== Message-ID: <35F3A97D5BAF454C84582219ABFAE3EC010AD9A7FB59@AMERDALEXMB1.corp.nai.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: BIND 9.7.3 -- TCP DoS in SO_ACCEPTFILTER X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Feb 2011 14:18:51 -0000 The release notes for BIND 9.7.3 contain this: * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled allows for a TCP DoS attack. Until there is a kernel fix, ISC is disabling SO_ACCEPTFILTER support in BIND. [RT #22589] The CHANGES file also says: 2996. [security] Temporarily disable SO_ACCEPTFILTER support. [RT #22589] Can anyone tell me more? What releases are affected? Is a kernel patch in= the works? Thanks in advance, Eric