FreeBSD Security Advisory FreeBSD-SA-11:03.bind

budsz budiyt at gmail.com
Sat Oct 1 06:01:41 UTC 2011


On Wed, Sep 28, 2011 at 4:05 PM, FreeBSD Security Advisories
<security-advisories at freebsd.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =============================================================================
> FreeBSD-SA-11:03.bind                                       Security Advisory
>                                                          The FreeBSD Project
>
> Topic:          Remote packet Denial of Service against named(8) servers
>
> Category:       contrib
> Module:         bind
> Announced:      2011-09-28
> Credits:        Roy Arends
> Affects:        8.2-STABLE after 2011-05-28 and prior to the correction date
> Corrected:      2011-07-06 00:50:54 UTC (RELENG_8, 8.2-STABLE)
> CVE Name:       CVE-2011-2464
>
> Note: This advisory concerns a vulnerability which existed only in
> the FreeBSD 8-STABLE branch and was fixed over two months prior to the
> date of this advisory.
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:http://security.FreeBSD.org/>.
>
> I.   Background
>
> BIND 9 is an implementation of the Domain Name System (DNS) protocols.
> The named(8) daemon is an Internet Domain Name Server.
>
> II.  Problem Description
>
> A logic error in the BIND code causes the BIND daemon to accept bogus
> data, which could cause the daemon to crash.
>
> III. Impact
>
> An attacker able to send traffic to the BIND daemon can cause it to
> crash, resulting in a denial of service.
>
> IV.  Workaround
>
> No workaround is available, but systems not running the BIND name server
> are not affected.
>
> V.   Solution
>
> Upgrade your vulnerable system to 8-STABLE dated after the correction
> date.
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> CVS:
>
> Branch                                                           Revision
>  Path
> - -------------------------------------------------------------------------
> RELENG_8
>  src/contrib/bind9/lib/dns/message.c                             1.3.2.3
> - -------------------------------------------------------------------------
>
> Subversion:
>
> Branch/path
> Revision
> - -------------------------------------------------------------------------
> stable/8/                                                         r223815
> - -------------------------------------------------------------------------
>
> VII. References
>
> http://www.isc.org/software/bind/advisories/cve-2011-2464
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
>
> The latest revision of this advisory is available at
> http://security.FreeBSD.org/advisories/FreeBSD-SA-11:03.bind.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.18 (FreeBSD)
>
> iEYEARECAAYFAk6C4CYACgkQFdaIBMps37LwQgCeIDVGsCWOLoVdmWogOOaPC1UG
> 9G8AoJPlRbNmkEWMg7uoOYrvjWlRRdlK
> =aUvD
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>

Only updating to 8.X for solution? there is no patch for this advisory?

Thank You

-- 
budsz


More information about the freebsd-security mailing list