>Number:         158882
>Category:       misc
>Synopsis:       CVE-2011-2464 - ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 14 03:50:04 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Marcelo Gondim
>Release:        8.2
>Organization:
Nettel Telecom
>Environment:
FreeBSD zeus.linuxinfo.com.br 8.2-STABLE FreeBSD 8.2-STABLE #3: Sun Jul 3 16:31:06 BRT 2011 r...@zeus.linuxinfo.com.br:/usr/obj/usr/src/sys/GONDIM amd64
>Description:
I received the following information:

##########################################################################

ISC BIND 9 Remote packet Denial of Service against Authoritative and
Recursive Servers

A specially constructed packet will cause BIND 9 ("named") to exit,
affecting DNS service.

CVE: CVE-2011-2464
Document Version: 2.0
Posting date: 05 Jul 2011
Program Impacted: BIND
Versions affected:
    9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1
    9.7.0, 9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2,
    9.7.2-P1, 9.7.2-P2, 9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1
    9.8.0, 9.8.0-P1, 9.8.0-P2, 9.8.0-P3, 9.8.1b1
Severity: High
Exploitable: Remotely

Description:

A defect in the affected BIND 9 versions allows an attacker to remotely
cause the "named" process to exit using a specially crafted packet. This
defect affects both recursive and authoritative servers. The code
location of the defect makes it impossible to protect BIND using ACLs
configured within named.conf or by disabling any features at
compile-time or run-time.

A remote attacker would need to be able to send a specially crafted
packet directly to a server running a vulnerable version of BIND. There
is also the potential for an indirect attack via malware that is
inadvertently installed and run, where infected machines have direct
access to an organization's nameservers.

CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

For more information on the Common Vulnerability Scoring System and to
obtain your specific environmental score please visit:
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2

Workarounds:

There are no known workarounds for publicly available servers.
Administrators of servers that are not publicly available may be able to
limit exposure via firewalls and packet filters.

Active exploits:

ISC knows of no public tools to exploit this defect at the time of this
advisory.

Solution:

Upgrade to: 9.6-ESV-R4-P3, 9.7.3-P3 or 9.8.0-P4.

########################################################################

The bind9 version of FreeBSD 8.2-STABLE is:

root@zeus)[~]# named -v
BIND 9.6.-ESV-R4-P1

Are we vulnerable? Our version is included in the listing.
>How-To-Repeat:
>Fix:
Upgrade to: 9.6-ESV-R4-P3, 9.7.3-P3 or 9.8.0-P4.
>Release-Note:
>Audit-Trail:
>Unformatted: