Date: Thu, 11 Nov 1999 13:32:39 -0800 (PST)
From: mike@sentex.net
To: freebsd-gnats-submit@freebsd.org
Subject: ports/14828: Current version of BIND in the ports and the src/contrib is vulnerable to several DOS attacks
Message-ID: <19991111213239.9A26E14C1D@hub.freebsd.org>
>Number: 14828
>Category: ports
>Synopsis: Current version of BIND in the ports and the src/contrib is vulnerable to several DOS attacks
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 11 13:40:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator: Mike Tancsa
>Release: 3.3, but all versions affected
>Organization: Sentex Communications
>Environment: FreeBSD 3.3-STABLE #1: Wed Nov 10 16:52:28 EST 1999
>Description: See CERT Advisory CA-99.14 - Multiple Vulnerabilities in BIND or http://www.isc.org/products/BIND/bind-security-19991108.html
>How-To-Repeat: run bind 8.1.x or greater as a port, or use it from src/contrib/bind
>Fix:
Upgrade to the latest version
src/contrib/bind needs to be updated
For the port,
--- Makefile.orig Wed Nov 10 22:57:07 1999 +++ Makefile Thu Nov 11 16:26:50 1999 @@ -1,15 +1,15 @@ # New ports collection makefile for: bind -# Version required: 8.2.1 +# Version required: 8.2.2-P3 # Date created: 18 July 1997 # Whom: jseger@scds.com # # $FreeBSD: ports/net/bind8/Makefile,v 1.14 1999/08/30 14:22:09 peter Exp $ # -DISTNAME= bind-8.2.1 +DISTNAME= bind-8.2.2-P3 CATEGORIES= net -MASTER_SITES= ftp://ftp.isc.org/isc/bind/src/8.2.1/ -DISTFILES= bind-src.tar.gz bind-doc.tar.gz +MASTER_SITES= ftp://ftp.isc.org/isc/bind/src/8.2.2-P3/ +DISTFILES= bind-src.tar.gz bind-doc.tar.gz MAINTAINER= jseger@FreeBSD.org marble3# diff -ru files/md5.orig files/md5 --- files/md5.orig Thu Nov 11 16:28:24 1999 +++ files/md5 Thu Nov 11 16:28:29 1999 
@@ -1,2 +1,2 @@ -MD5 (bind-src.tar.gz) = 449cad9c83d31c28179d3fa9dabd3a38 -MD5 (bind-doc.tar.gz) = 52ba164906f8cb5d0fe1d06ceb5ac5db +MD5 (bind-src.tar.gz) = c782af1a8058d6d2d3c95c1385a5c8c0 +MD5 (bind-doc.tar.gz) = 42025ab4bed0f13ab612ec5984abe2f0
and add the following patch
marble3# cat patches/patch-ac Index: src/bin/named-xfer/named-xfer.c =================================================================== RCS file: /proj/cvs/isc/bind/src/bin/named-xfer/named-xfer.c,v retrieving revision 8.88 retrieving revision 8.89 diff -c -r8.88 -r8.89 *** src/bin/named-xfer/named-xfer.c 1999/11/08 23:01:39 8.88 --- src/bin/named-xfer/named-xfer.c 1999/11/09 20:36:54 8.89 *************** *** 2195,2201 **** zp->z_origin, zp_finish.z_serial); } soa_cnt++; ! if ((methode == ISIXFR) || (soa_cnt > 2)) { return (result); } } else { --- 2195,2201 ---- zp->z_origin, zp_finish.z_serial); } soa_cnt++; ! if ((methode == ISIXFR) || (soa_cnt >= 2)) { return (result); } } else {
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
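
Review bot: In the Makefile hunk, DISTFILES stays "bind-src.tar.gz bind-doc.tar.gz" while only the MASTER_SITES directory moves from 8.2.1 to 8.2.2-P3, so the distfile names carry no version. A tarball left in the distfiles directory by the 8.2.1 port has the same name and will be checked against the new MD5 values instead of being fetched fresh; setting DIST_SUBDIR to a versioned directory would keep the two releases apart. The -DISTFILES/+DISTFILES pair also reads identically here, which suggests a whitespace-only change that could be dropped from the patch.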
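
Review bot: The files/md5 hunk swaps both checksums without saying where the new values came from, and because the tarball names are unchanged these two MD5 lines are the only thing that tells the 8.2.2-P3 distfiles from the 8.2.1 ones. Before commit, check both values against a copy fetched independently from ftp.isc.org, or against checksums or signatures published by ISC if any are available, rather than relying on a single download.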
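
Review bot: In patches/patch-ac, the change from "soa_cnt > 2" to "soa_cnt >= 2" at line 2198 of named-xfer.c carries no comment, and the report does not say which issue in the advisory it addresses. An AXFR stream is delimited by the zone's SOA record at the start and again at the end, so returning on the second SOA is the expected stop condition; a one-line comment saying so would keep the boundary from being changed back later. The Index header shows this is ISC revision 8.88 to 8.89 dated 1999/11/09, so also confirm that the 8.2.2-P3 tarball does not already contain 8.89, otherwise the port patch will fail to apply.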