what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from ISC

FreeBSD Security Advisory - FreeBSD-SA-16:13.bind

Posted Mar 14, 2016

Authored by ISC | Site security.freebsd.org

FreeBSD Security Advisory - Testing by ISC has uncovered a defect in control channel input handling which can cause named to exit due to an assertion failure in sexpr.c or alist.c when a malformed packet is sent to named's control channel (the interface which allows named to be controlled using the "rndc" server control utility). An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. A remote attacker can deliberately trigger the failed assertion if the DNS server accepts remote rndc commands regardless if authentication is configured. Note that this is not enabled by default. A remote attacker who can cause a server to make a query deliberately chosen to generate a response containing a signature record which would trigger a failed assertion and cause named to stop. Disabling DNSsec does not provide protection against this vulnerability.

tags | advisory, remote

systems | freebsd, bsd

advisories | CVE-2016-1285, CVE-2016-1286

SHA-256 | 511b0fffe4ca8e6584c5c8a182c7a5ff4bb7fa1f2086db6fc678849054b18a03

Download | Favorite | View

FreeBSD Security Advisory - FreeBSD-SA-16:08.bind

Posted Jan 27, 2016

Authored by ISC | Site security.freebsd.org

FreeBSD Security Advisory - There is an off-by-one error in a buffer size check when performing certain string formatting operations. Slaves using text-format db files could be vulnerable if receiving a malformed record in a zone transfer from their master. Masters using text-format db files could be vulnerable if they accept a malformed record in a DDNS update message. Recursive resolvers are potentially vulnerable when debug logging is enabled and if they are fed a deliberately malformed record by a malicious server. A server which has cached a specially constructed record could encounter this condition while performing 'rndc dumpdb'.

tags | advisory

systems | freebsd

advisories | CVE-2015-8704

SHA-256 | c803a5067169b0dd06a8b595f07a796ef604d725b2cec7e9041f63d8bdb30a0a

Download | Favorite | View

FreeBSD Security Advisory - BIND Denial Of Service

Posted Jan 16, 2014

Authored by ISC | Site security.freebsd.org

FreeBSD Security Advisory - Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. This issue only affects authoritative nameservers with at least one NSEC3-signed zone. Recursive-only servers are not at risk. An attacker who can send a specially crafted query could cause named(8) to crash, resulting in a denial of service.

tags | advisory, denial of service

systems | freebsd

advisories | CVE-2014-0591

SHA-256 | 42bd91e5a207d906b383d2f4b8c14bcb28389b0113837035f0080c510470026d

Download | Favorite | View