[INFOSEG] FreeBSD Security Advisory FreeBSD-SA-09:12.bind

Leandro M Bertholdo berthold at penta.ufrgs.br
Tue Jul 28 22:02:52 BRT 2009 

> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> =======================================================================
> ======
> FreeBSD-SA-09:12.bind                                       Security
> Advisory
>                                                           The FreeBSD
> Project
> 
> Topic:          BIND named(8) dynamic update message remote DoS
> 
> Category:       contrib
> Module:         bind
> Announced:      2009-07-29
> Credits:        Matthias Urlichs
> Affects:        All supported versions of FreeBSD
> Corrected:      2009-07-28 23:59:22 UTC (RELENG_7, 7.2-STABLE)
>                 2009-07-29 00:14:14 UTC (RELENG_7_2, 7.2-RELEASE-p3)
>                 2009-07-29 00:14:14 UTC (RELENG_7_1, 7.1-RELEASE-p7)
>                 2009-07-29 00:13:47 UTC (RELENG_6, 6.4-STABLE)
>                 2009-07-29 00:14:14 UTC (RELENG_6_4, 6.4-RELEASE-p6)
>                 2009-07-29 00:14:14 UTC (RELENG_6_3, 6.3-RELEASE-p12)
> CVE Name:       CVE-2009-0696
> 
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:http://security.FreeBSD.org/>.
> 
> NOTE: Due to this issue being accidentally disclosed early, updated
> binaries are yet not available via freebsd-update at the time this
> advisory is being published.  Email will be sent to the freebsd-
> security
> mailing list when the binaries are available via freebsd-update.
> 
> I.   Background
> 
> BIND 9 is an implementation of the Domain Name System (DNS) protocols.
> The named(8) daemon is an Internet Domain Name Server.
> 
> Dynamic update messages may be used to update records in a master zone
> on a nameserver.
> 
> II.  Problem Description
> 
> When named(8) receives a specially crafted dynamic update message an
> internal assertion check is triggered which causes named(8) to exit.
> 
> To trigger the problem, the dynamic update message must contains a
> record of type "ANY" and at least one resource record set (RRset) for
> this fully qualified domain name (FQDN) must exist on the server.
> 
> III. Impact
> 
> An attacker which can send DNS requests to a nameserver can cause it to
> exit, thus creating a Denial of Service situation.
> 
> IV.  Workaround
> 
> No generally applicable workaround is available, but some firewalls
> may be able to prevent nsupdate DNS packets from reaching the
> nameserver.
> 
> NOTE WELL: Merely configuring named(8) to ignore dynamic updates is NOT
> sufficient to protect it from this vulnerability.
> 
> V.   Solution
> 
> Perform one of the following:
> 
> 1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
> RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch
> dated after the correction date.
> 
> 2) To patch your present system:
> 
> The following patches have been verified to apply to FreeBSD 6.3, 6.4,
> 7.1, and 7.2 systems.
> 
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
> 
> # fetch http://security.FreeBSD.org/patches/SA-09:12/bind.patch
> # fetch http://security.FreeBSD.org/patches/SA-09:12/bind.patch.asc
> 
> b) Execute the following commands as root:
> 
> # cd /usr/src
> # patch < /path/to/patch
> # cd /usr/src/lib/bind
> # make obj && make depend && make && make install
> # cd /usr/src/usr.sbin/named
> # make obj && make depend && make && make install
> # /etc/rc.d/named restart
> 
> VI.  Correction details
> 
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
> 
> CVS:
> 
> Branch
> Revision
>   Path
> - ---------------------------------------------------------------------
> ----
> RELENG_6
>   src/contrib/bind9/bin/named/update.c
> 1.1.1.2.2.5
> RELENG_6_4
>   src/UPDATING
> 1.416.2.40.2.10
>   src/sys/conf/newvers.sh
> 1.69.2.18.2.12
>   src/contrib/bind9/bin/named/update.c
> 1.1.1.2.2.3.2.1
> RELENG_6_3
>   src/UPDATING
> 1.416.2.37.2.17
>   src/sys/conf/newvers.sh
> 1.69.2.15.2.16
>   src/contrib/bind9/bin/named/update.c
> 1.1.1.2.2.2.2.1
> RELENG_7
>   src/contrib/bind9/bin/named/update.c
> 1.1.1.5.2.3
> RELENG_7_2
>   src/UPDATING
> 1.507.2.23.2.6
>   src/sys/conf/newvers.sh
> 1.72.2.11.2.7
>   src/contrib/bind9/bin/named/update.c
> 1.1.1.5.2.2.2.1
> RELENG_7_1
>   src/UPDATING
> 1.507.2.13.2.10
>   src/sys/conf/newvers.sh
> 1.72.2.9.2.11
>   src/contrib/bind9/bin/named/update.c
> 1.1.1.5.2.1.4.1
> HEAD
>   src/contrib/bind9/bin/named/update.c
> 1.4
> - ---------------------------------------------------------------------
> ----
> 
> Subversion:
> 
> Branch/path
> Revision
> - ---------------------------------------------------------------------
> ----
> head/
> r195936
> stable/6/
> r195934
> releng/6.4/
> r195935
> releng/6.3/
> r195935
> stable/7/
> r195933
> releng/7.2/
> r195935
> releng/7.1/
> r195935
> - ---------------------------------------------------------------------
> ----
> 
> VII. References
> 
> https://www.isc.org/node/474
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
> 
> The latest revision of this advisory is available at
> http://security.FreeBSD.org/advisories/FreeBSD-SA-09:12.bind.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (FreeBSD)
> 
> iD8DBQFKb5koFdaIBMps37IRAglLAKCFGXI+MAsksnK5TZB/8L3UFhPS1gCgl7q5
> 6fCpOeBcf7f83dVfKRDVF0I=
> =akJW
> -----END PGP SIGNATURE-----

More information about the infoseg mailing list