NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FreeBSD Security> 2003-10

HEADS-UP: BIND denial-of-service vulnerability

From: Jacques A. Vidrine (nectarFreeBSD.org)
Date: Wed Nov 26 2003 - 19:11:30 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello Everyone,

ISC has released new versions of BIND 8 which address a remotely
exploitable denial-of-service vulnerability that may allow an attacker
to perform `negative cache poisoning'--- convincing a name server that
certain RRs do not exist (even though they may). I do not know of any
workaround at this time.

I have committed fixes to the RELENG_5_1 and RELENG_4_9 security
branches. Due to personal obligations this evening [*], I will
likely not update RELENG_4_8 and RELENG_4_7 until sometime tomorrow.
Likewise, the advisory will follow tomorrow. However, you can find
patches at the following URLs:

[FreeBSD -CURRENT, -STABLE, 4.9]
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch.asc

[FreeBSD 5.1, 4.8]
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch.asc

[FreeBSD 4.7, 4.6, 4.5, 4.4]
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch.asc

(If you don't find them at ftp.freebsd.org, try ftp2.freebsd.org.)

I expect Doug Barton will upgrade BIND 8 in -STABLE and -CURRENT
tonight or tomorrow.

Cheers,
--
Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal
nectarcelabo.org jvidrineverio.net nectarfreebsd.org nectarkth.se

[*] Happy Thanksgiving to those celebrating it, by the way!

----- Forwarded message from Jacques Vidrine <nectarFreeBSD.org> -----

Date: Wed, 26 Nov 2003 16:54:53 -0800 (PST)
From: Jacques Vidrine <nectarFreeBSD.org>
To: src-committersFreeBSD.org, cvs-srcFreeBSD.org, cvs-allFreeBSD.org
Subject: cvs commit: src UPDATING src/sys/conf newvers.sh src/contrib/bind
Version src/contrib/bind/bin/named ns_resp.c
Message-Id: <200311270054.hAR0srnr052777repoman.freebsd.org>

nectar 2003/11/26 16:54:53 PST

FreeBSD src repository

  Modified files: (Branch: RELENG_5_1)
    . UPDATING
    sys/conf newvers.sh
    contrib/bind Version
    contrib/bind/bin/named ns_resp.c
  Log:
  Correct a remote denial-of-service attack in named(8).

  Revision Changes Path
  1.251.2.13 +3 -0 src/UPDATING
  1.1.1.11.2.1 +1 -1 src/contrib/bind/Version
  1.1.1.11.2.1 +9 -3 src/contrib/bind/bin/named/ns_resp.c
  1.50.2.13 +1 -1 src/sys/conf/newvers.sh

----- End forwarded message -----
----- Forwarded message from Jacques Vidrine <nectarFreeBSD.org> -----

Date: Wed, 26 Nov 2003 16:56:06 -0800 (PST)
From: Jacques Vidrine <nectarFreeBSD.org>
To: src-committersFreeBSD.org, cvs-srcFreeBSD.org, cvs-allFreeBSD.org
Subject: cvs commit: src UPDATING src/sys/conf newvers.sh src/contrib/bind
Version src/contrib/bind/bin/named ns_resp.c
Message-Id: <200311270056.hAR0u62k052941repoman.freebsd.org>

nectar 2003/11/26 16:56:06 PST

FreeBSD src repository

  Modified files: (Branch: RELENG_4_9)
    . UPDATING
    sys/conf newvers.sh
    contrib/bind Version
    contrib/bind/bin/named ns_resp.c
  Log:
  Correct a remote denial-of-service attack in named(8).

  Revision Changes Path
  1.73.2.89.2.2 +12 -0 src/UPDATING
  1.1.1.3.2.9.2.1 +1 -1 src/contrib/bind/Version
  1.1.1.2.2.10.2.1 +9 -3 src/contrib/bind/bin/named/ns_resp.c
  1.44.2.32.2.2 +1 -1 src/sys/conf/newvers.sh

----- End forwarded message -----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/xU9CFdaIBMps37IRAujJAJ9IiFfICLAxC3cjuxeuyiK7/X2KtwCeMcNf
WfgT8Xi8deadiIDN/qWDQIk=
=i2LN
-----END PGP SIGNATURE-----

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]