From: budsz
To: freebsd-security@freebsd.org
Date: Sat, 1 Oct 2011 12:35:08 +0700
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-11:03.bind

On Wed, Sep 28, 2011 at 4:05 PM, FreeBSD Security Advisories wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =============================================================================
> FreeBSD-SA-11:03.bind                                       Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          Remote packet Denial of Service against named(8) servers
>
> Category:       contrib
> Module:         bind
> Announced:      2011-09-28
> Credits:        Roy Arends
> Affects:        8.2-STABLE after 2011-05-28 and prior to the correction date
> Corrected:      2011-07-06 00:50:54 UTC (RELENG_8, 8.2-STABLE)
> CVE Name:       CVE-2011-2464
>
> Note: This advisory concerns a vulnerability which existed only in
> the FreeBSD 8-STABLE branch and was fixed over two months prior to the
> date of this advisory.
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit .
>
> I.   Background
>
> BIND 9 is an implementation of the Domain Name System (DNS) protocols.
> The named(8) daemon is an Internet Domain Name Server.
>
> II.  Problem Description
>
> A logic error in the BIND code causes the BIND daemon to accept bogus
> data, which could cause the daemon to crash.
>
> III. Impact
>
> An attacker able to send traffic to the BIND daemon can cause it to
> crash, resulting in a denial of service.
>
> IV.  Workaround
>
> No workaround is available, but systems not running the BIND name server
> are not affected.
>
> V.   Solution
>
> Upgrade your vulnerable system to 8-STABLE dated after the correction
> date.
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> CVS:
>
> Branch                                                           Revision
>   Path
> - -------------------------------------------------------------------------
> RELENG_8
>   src/contrib/bind9/lib/dns/message.c                            1.3.2.3
> - -------------------------------------------------------------------------
>
> Subversion:
>
> Branch/path                                                      Revision
> - -------------------------------------------------------------------------
> stable/8/                                                         r223815
> - -------------------------------------------------------------------------
>
> VII. References
>
> http://www.isc.org/software/bind/advisories/cve-2011-2464
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
>
> The latest revision of this advisory is available at
> http://security.FreeBSD.org/advisories/FreeBSD-SA-11:03.bind.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.18 (FreeBSD)
>
> iEYEARECAAYFAk6C4CYACgkQFdaIBMps37LwQgCeIDVGsCWOLoVdmWogOOaPC1UG
> 9G8AoJPlRbNmkEWMg7uoOYrvjWlRRdlK
> =aUvD
> -----END PGP SIGNATURE-----
>

Only updating to 8.X for solution? There is no patch for this advisory?

Thank You

-- 
budsz