FreeBSD Security Advisory FreeBSD-SA-12:05.bind
Andrea Venturoli
ml at netfence.it
Tue Aug 7 06:18:15 UTC 2012
On 08/07/12 00:12, FreeBSD Security Advisories wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =============================================================================
> FreeBSD-SA-12:05.bind Security Advisory
> The FreeBSD Project
>
> Topic: named(8) DNSSEC validation Denial of Service
>
> Category: contrib
> Module: bind
> Announced: 2012-08-06
> Credits: Einar Lonn of IIS.se
> Affects: All supported versions of FreeBSD
> Corrected: 2012-08-06 21:33:11 UTC (RELENG_7, 7.4-STABLE)
> 2012-08-06 21:33:11 UTC (RELENG_7_4, 7.4-RELEASE-p10)
> 2012-07-24 19:04:35 UTC (RELENG_8, 8.3-STABLE)
> 2012-08-06 21:33:11 UTC (RELENG_8_3, 8.3-RELEASE-p4)
> 2012-08-06 21:33:11 UTC (RELENG_8_2, 8.2-RELEASE-p10)
> 2012-08-06 21:33:11 UTC (RELENG_8_1, 8.1-RELEASE-p13)
> 2012-07-24 22:32:03 UTC (RELENG_9, 9.1-PRERELEASE)
> 2012-08-06 21:33:11 UTC (RELENG_9_0, 9.0-RELEASE-p4)
> CVE Name: CVE-2012-3817
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:http://security.FreeBSD.org/>.
>
> I. Background
>
> BIND 9 is an implementation of the Domain Name System (DNS) protocols.
> The named(8) daemon is an Internet Domain Name Server.
>
> DNS Security Extensions (DNSSEC) provides data integrity, origin
> authentication and authenticated denial of existence to resolvers.
So, a system where "cat /etc/namedb/named.conf |grep -i dnssec" returns
nothing should not be vulnerable.
Could you confirm this?
bye & Thanks
av.
More information about the freebsd-security
mailing list