2011/08/01

NetBSD Security Advisory 

NetBSD Security Advisory 2011-006
   =================================

Topic:  BIND DoS via packet with rrtype zero


Version: NetBSD-current:  affected prior to 20110706
  NetBSD 5.1:  affected prior to 20110708
  NetBSD 5.0:  affected prior to 20110708
  NetBSD 4.0.*:  affected prior to 20110716
  NetBSD 4.0:  affected prior to 20110716
  pkgsrc:   net/bind96, net/bind97 and net/bind98
                                        packages prior to 20110706


Severity: Denial of Service


Fixed:  NetBSD-current:  Jul 6th, 2011
  NetBSD-5-1 branch: Jul 8th, 2011
  NetBSD-5-0 branch: Jul 8th, 2011
  NetBSD-5 branch: Jul 8th, 2011
  NetBSD-4-0 branch: Jul 16th, 2011
  NetBSD-4 branch: Jul 16th, 2011
  pkgsrc net/bind96: bind-9.6.3.1.ESV4pl3 corrects this issue
  pkgsrc net/bind97: bind-9.7.3pl3 corrects this issue
  pkgsrc net/bind98: bind-9.8.0pl4 corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

Packets with rrtype zero can cause named to crash.

This vulnerability has been assigned CVE-2011-2464.


Technical Details
=================

A defect in the affected BIND 9 versions allows an attacker
to remotely
cause the "named" process to exit by sending a specially crafted packet.
This defect affects both recursive and authoritative servers.
The code location of the defect makes it impossible to protect BIND
using ACLs configured within named.conf or by disabling any features
at compile-time or run-time.

A remote attacker would need to be able to send a specially crafted packet
directly to a server running a vulnerable version of BIND.
There is also the potential for an indirect attack via malware that is
inadvertently installed and run, where infected machines have direct
access to an organization's nameservers.

Note: CVE-2011-2465 is also fixed with this update, CVE-2011-0414,
CVE-2011-1907 and  CVE-2011-1910 have been fixed previously but weren't
of sufficient impact to warrant an advisory.


Solutions and Workarounds
=========================

We suggest fixing this vulnerability by using the current net/bind98 or
net/bind97 pkgsrc package instead of the in-system bind until the entire
system can be updated (eg to the next security/critical release, or a
binary snapshot from http://nyftp.netbsd.org/pub/NetBSD-daily/ from past
the fix date).


Thanks To
=========

Thanks to the Internet Systems Consortium for reporting this
vulnerability and providing fixed versions.


Revision History
================

 2011-07-26 Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-006.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .

Copyright 2011, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.
Da alle

Nessun commento:

Posta un commento

Nota. Solo i membri di questo blog possono postare un commento.

Iscriviti a: Commenti sul post (Atom)