FreeBSD Security Advisory FreeBSD-SA-13:04.bind

Husnu Demir hdemir at metu.edu.tr
Wed Apr 3 09:57:38 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Merve,

Bind kullandigimiz yerlerin guncellenmesini saglar misiniz?

hdemir.


On 02-04-2013 21:04, FreeBSD Security Advisories wrote:
> =============================================================================
>
> 
FreeBSD-SA-13:04.bind                                       Security
Advisory
> The FreeBSD Project
> 
> Topic:          BIND remote denial of service
> 
> Category:       contrib Module:         bind Announced:
> 2013-04-02 Credits:        Matthew Horsfall of Dyn, Inc. Affects:
> FreeBSD 8.4-BETA1 and FreeBSD 9.x Corrected:      2013-03-28
> 05:35:46 UTC (stable/8, 8.4-BETA1) 2013-03-28 05:39:45 UTC
> (stable/9, 9.1-STABLE) 2013-04-02 17:34:42 UTC (releng/9.0,
> 9.0-RELEASE-p7) 2013-04-02 17:34:42 UTC (releng/9.1,
> 9.1-RELEASE-p2) CVE Name:       CVE-2013-2266
> 
> For general information regarding FreeBSD Security Advisories, 
> including descriptions of the fields above, security branches, and
> the following sections, please visit
> <URL:http://security.FreeBSD.org/>.
> 
> I.   Background
> 
> BIND 9 is an implementation of the Domain Name System (DNS)
> protocols. The named(8) daemon is an Internet Domain Name Server.
> The libdns library is a library of DNS protocol support functions.
> 
> II.  Problem Description
> 
> A flaw in a library used by BIND allows an attacker to
> deliberately cause excessive memory consumption by the named(8)
> process.  This affects both recursive and authoritative servers.
> 
> III. Impact
> 
> A remote attacker can cause the named(8) daemon to consume all
> available memory and crash, resulting in a denial of service.
> Applications linked with the libdns library, for instance dig(1),
> may also be affected.
> 
> IV.  Workaround
> 
> No workaround is available, but systems not running named(8)
> service and not using base system DNS utilities are not affected.
> 
> V.   Solution
> 
> Perform one of the following:
> 
> 1) Upgrade your vulnerable system to a supported FreeBSD stable or 
> release / security branch (releng) dated after the correction
> date.
> 
> 2) To update your vulnerable system via a source code patch:
> 
> The following patches have been verified to apply to the
> applicable FreeBSD release branches.
> 
> a) Download the relevant patch from the location below, and verify
> the detached PGP signature using your PGP utility.
> 
> # fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch #
> fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch.asc #
> gpg --verify bind.patch.asc
> 
> b) Execute the following commands as root:
> 
> # cd /usr/src # patch < /path/to/patch
> 
> Recompile the operating system using buildworld and installworld
> as described in
> <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
> 
> Restart the named daemon, or reboot the system.
> 
> 3) To update your vulnerable system via a binary patch:
> 
> Systems running a RELEASE version of FreeBSD on the i386 or amd64 
> platforms can be updated via the freebsd-update(8) utility:
> 
> # freebsd-update fetch # freebsd-update install
> 
> VI.  Correction details
> 
> The following list contains the revision numbers of each file that
> was corrected in FreeBSD.
> 
> Branch/path
> Revision 
> -------------------------------------------------------------------------
>
> 
stable/8/                                                         r248807
> stable/9/
> r248808 releng/9.0/
> r249029 releng/9.1/
> r249029 
> -------------------------------------------------------------------------
>
>  VII. References
> 
> https://kb.isc.org/article/AA-00871
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
> 
> The latest revision of this advisory is available at 
> http://security.FreeBSD.org/advisories/FreeBSD-SA-13:04.bind.asc 
> _______________________________________________ 
> freebsd-security at freebsd.org mailing list 
> http://lists.freebsd.org/mailman/listinfo/freebsd-security To
> unsubscribe, send any mail to
> "freebsd-security-unsubscribe at freebsd.org"
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEcBAEBAgAGBQJRW/r4AAoJEISpBAM51qlEN58IAK74u4pPydC5kDSQlYeHKTG8
vt1Hzl8tfjfNzs9kKb4pDhirQzCjFlqXWoAtT88K1WU585deV1WJafPt5PpRQK+h
SwPBqe1Wunou8ELzUisZq/jdF+vd2mgYP4Vq2WBUZUrwjPFXOJrlg5aAq919o42v
h0QsiTVxD+FR3LJAg0bA/8FFyjZO/rFkstYZen9N6Mp1D4u46UgVLnK4HU1pMyfu
s0m5A2yHcXv1dyEGOpfxStwk41ei82V+Ol56ioOj+vGSKfJ2+4MbUx7P89HwNJyC
w/3NmY6HSDkHHYXjcoj2y+2yVcSF7st4Hfi6NJ32pPqMADzK1t/1ySaJn3bPkhQ=
=YgI6
-----END PGP SIGNATURE-----

More information about the freebsd-security mailing list