exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

FreeBSD Security Advisory - bind

FreeBSD Security Advisory - bind
Posted Jul 29, 2009
Site security.freebsd.org

FreeBSD Security Advisory - When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit. To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server.

tags | advisory
systems | freebsd
advisories | CVE-2009-0696
SHA-256 | 63f6e9c33b817f0e2995a59692b493e8ec93d0332cc4781442f1c4b5e3d35798

FreeBSD Security Advisory - bind

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-09:12.bind Security Advisory
The FreeBSD Project

Topic: BIND named(8) dynamic update message remote DoS

Category: contrib
Module: bind
Announced: 2009-07-29
Credits: Matthias Urlichs
Affects: All supported versions of FreeBSD
Corrected: 2009-07-28 23:59:22 UTC (RELENG_7, 7.2-STABLE)
2009-07-29 00:14:14 UTC (RELENG_7_2, 7.2-RELEASE-p3)
2009-07-29 00:14:14 UTC (RELENG_7_1, 7.1-RELEASE-p7)
2009-07-29 00:13:47 UTC (RELENG_6, 6.4-STABLE)
2009-07-29 00:14:14 UTC (RELENG_6_4, 6.4-RELEASE-p6)
2009-07-29 00:14:14 UTC (RELENG_6_3, 6.3-RELEASE-p12)
CVE Name: CVE-2009-0696

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

NOTE: Due to this issue being accidentally disclosed early, updated
binaries are yet not available via freebsd-update at the time this
advisory is being published. Email will be sent to the freebsd-security
mailing list when the binaries are available via freebsd-update.

I. Background

BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server.

Dynamic update messages may be used to update records in a master zone
on a nameserver.

II. Problem Description

When named(8) receives a specially crafted dynamic update message an
internal assertion check is triggered which causes named(8) to exit.

To trigger the problem, the dynamic update message must contains a
record of type "ANY" and at least one resource record set (RRset) for
this fully qualified domain name (FQDN) must exist on the server.

III. Impact

An attacker which can send DNS requests to a nameserver can cause it to
exit, thus creating a Denial of Service situation.

IV. Workaround

No generally applicable workaround is available, but some firewalls
may be able to prevent nsupdate DNS packets from reaching the
nameserver.

NOTE WELL: Merely configuring named(8) to ignore dynamic updates is NOT
sufficient to protect it from this vulnerability.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch
dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 6.3, 6.4,
7.1, and 7.2 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-09:12/bind.patch
# fetch http://security.FreeBSD.org/patches/SA-09:12/bind.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/bind
# make obj && make depend && make && make install
# cd /usr/src/usr.sbin/named
# make obj && make depend && make && make install
# /etc/rc.d/named restart

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_6
src/contrib/bind9/bin/named/update.c 1.1.1.2.2.5
RELENG_6_4
src/UPDATING 1.416.2.40.2.10
src/sys/conf/newvers.sh 1.69.2.18.2.12
src/contrib/bind9/bin/named/update.c 1.1.1.2.2.3.2.1
RELENG_6_3
src/UPDATING 1.416.2.37.2.17
src/sys/conf/newvers.sh 1.69.2.15.2.16
src/contrib/bind9/bin/named/update.c 1.1.1.2.2.2.2.1
RELENG_7
src/contrib/bind9/bin/named/update.c 1.1.1.5.2.3
RELENG_7_2
src/UPDATING 1.507.2.23.2.6
src/sys/conf/newvers.sh 1.72.2.11.2.7
src/contrib/bind9/bin/named/update.c 1.1.1.5.2.2.2.1
RELENG_7_1
src/UPDATING 1.507.2.13.2.10
src/sys/conf/newvers.sh 1.72.2.9.2.11
src/contrib/bind9/bin/named/update.c 1.1.1.5.2.1.4.1
HEAD
src/contrib/bind9/bin/named/update.c 1.4
- -------------------------------------------------------------------------

Subversion:

Branch/path Revision
- -------------------------------------------------------------------------
head/ r195936
stable/6/ r195934
releng/6.4/ r195935
releng/6.3/ r195935
stable/7/ r195933
releng/7.2/ r195935
releng/7.1/ r195935
- -------------------------------------------------------------------------

VII. References

https://www.isc.org/node/474
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-09:12.bind.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iD8DBQFKb5koFdaIBMps37IRAglLAKCFGXI+MAsksnK5TZB/8L3UFhPS1gCgl7q5
6fCpOeBcf7f83dVfKRDVF0I=
=akJW
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close