Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
(FreeBSD Issues Fix) BIND NULL rdata Field Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
|
|
SecurityTracker Alert ID: 1027152 |
|
SecurityTracker URL: http://securitytracker.com/id/1027152
|
|
CVE Reference:
CVE-2012-1667
(Links to External Site)
|
Date: Jun 12 2012
|
Impact:
Denial of service via network, Disclosure of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 9.0.x - 9.6.x, 9.4-ESV - 9.4-ESV-R5-P1, 9.6-ESV - 9.6-ESV-R7, 9.7.0 - 9.7.6, 9.8.0 - 9.8.3, 9.9.0 - 9.9.1
|
Description:
A vulnerability was reported in BIND. A remote user can cause denial of service conditions. A remote user can obtain potentially sensitive information.
When a DNS resource record rdata field is zero length, the server may crash or disclose potentially sensitive information.
On recursive servers, the server may crash or disclose some portion of memory.
On secondary servers, the server may crash on restart after transferring a zone containing affected records.
On master servers, the server may corrupt zone data if the zone option "auto-dnssec" is set to "maintain".
Dan Luther, Level3 Communications, reported this vulnerability.
|
Impact:
A remote user can cause denial of service conditions.
A remote user can obtain potentially sensitive information.
|
Solution:
FreeBSD has issued a fix.
The FreeBSD advisory is available at:
http://security.FreeBSD.org/advisories/FreeBSD-SA-12:03.bind.asc
|
Vendor URL: www.isc.org/software/bind/advisories/cve-2012-1667 (Links to External Site)
|
Cause:
Access control error, State error
|
Underlying OS:
UNIX (FreeBSD)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 12 Jun 2012 13:25:22 +0000 (GMT)
Subject: FreeBSD Security Advisory FreeBSD-SA-12:03.bind
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-12:03.bind Security Advisory
The FreeBSD Project
Topic: Incorrect handling of zero-length RDATA fields in named(8)
Category: contrib
Module: bind
Announced: 2012-06-12
Credits: Dan Luther, Jeffrey A. Spain
Affects: All supported versions of FreeBSD
Corrected: 2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE)
2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9)
2012-06-04 22:21:55 UTC (RELENG_8, 8.3-STABLE)
2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)
2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)
2012-06-12 12:10:10 UTC (RELENG_8_1, 8.1-RELEASE-p11)
2012-06-04 22:14:33 UTC (RELENG_9, 9.0-STABLE)
2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)
CVE Name: CVE-2012-1667
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server.
II. Problem Description
The named(8) server does not properly handle DNS resource records where
the RDATA field is zero length, which may cause various issues for the
servers handling them.
III. Impact
Resolving servers may crash or disclose some portion of memory to the
client. Authoritative servers may crash on restart after transferring a
zone containing records with zero-length RDATA fields. These would
result in a denial of service, or leak of sensitive information.
IV. Workaround
No workaround is available, but systems not running the BIND name
server are not affected.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0
security branch dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to FreeBSD 7.4,
8.3, 8.2, 8.1 and 9.0 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, and 8.1-RELEASE]
# fetch http://security.FreeBSD.org/patches/SA-12:03/bind.patch
# fetch http://security.FreeBSD.org/patches/SA-12:03/bind.patch.asc
[FreeBSD 9.0-RELEASE]
# fetch http://security.FreeBSD.org/patches/SA-12:03/bind-90.patch
# fetch http://security.FreeBSD.org/patches/SA-12:03/bind-90.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/bind/
# make obj && make depend && make && make install
# cd /usr/src/usr.sbin/named
# make obj && make depend && make && make install
3) To update your vulnerable system via a binary patch:
Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,
or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
4) Install and run BIND from the Ports Collection after the correction
date. The following versions and newer versions of BIND installed from
the Ports Collection are not affected by this vulnerability:
bind96-9.6.3.1.ESV.R7.1
bind97-9.7.6.1
bind98-9.8.3.1
bind99-9.9.1.1
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_7
src/contrib/bind9/lib/dns/rdata.c 1.1.1.5.2.4
src/contrib/bind9/lib/dns/rdataslab.c 1.1.1.2.2.5
RELENG_7_4
src/UPDATING 1.507.2.36.2.11
src/sys/conf/newvers.sh 1.72.2.18.2.14
src/contrib/bind9/lib/dns/rdata.c 1.1.1.5.2.1.2.1
src/contrib/bind9/lib/dns/rdataslab.c 1.1.1.2.2.3.2.1
RELENG_8
src/contrib/bind9/lib/dns/rdata.c 1.2.2.4
src/contrib/bind9/lib/dns/rdataslab.c 1.2.2.5
RELENG_8_3
src/UPDATING 1.632.2.26.2.5
src/sys/conf/newvers.sh 1.83.2.15.2.7
src/contrib/bind9/lib/dns/rdata.c 1.2.2.2.2.1
src/contrib/bind9/lib/dns/rdataslab.c 1.2.2.3.2.1
RELENG_8_2
src/UPDATING 1.632.2.19.2.11
src/sys/conf/newvers.sh 1.83.2.12.2.14
src/contrib/bind9/lib/dns/rdata.c 1.2.8.1
src/contrib/bind9/lib/dns/rdataslab.c 1.2.2.2.2.1
RELENG_8_1
src/UPDATING 1.632.2.14.2.14
src/sys/conf/newvers.sh 1.83.2.10.2.15
src/contrib/bind9/lib/dns/rdata.c 1.2.6.1
src/contrib/bind9/lib/dns/rdataslab.c 1.2.2.1.2.1
RELENG_9
src/contrib/bind9/lib/dns/rdata.c 1.5.2.2
src/contrib/bind9/lib/dns/rdataslab.c 1.7.2.2
RELENG_9_0
src/UPDATING 1.702.2.4.2.5
src/sys/conf/newvers.sh 1.95.2.4.2.7
src/contrib/bind9/lib/dns/rdata.c 1.5.4.1
src/contrib/bind9/lib/dns/rdataslab.c 1.7.4.1
- -------------------------------------------------------------------------
Subversion:
Branch/path Revision
- -------------------------------------------------------------------------
stable/7/ r236953
releng/7.4/ r236953
stable/8/ r236590
releng/8.3/ r236953
releng/8.2/ r236953
releng/8.1/ r236953
stable/9/ r236587
releng/9.0/ r236953
- -------------------------------------------------------------------------
VII. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
http://www.isc.org/software/bind/advisories/cve-2012-1667
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-12:03.bind.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (FreeBSD)
iEYEARECAAYFAk/XQGEACgkQFdaIBMps37LU+gCfcP1MdQy8s5gjNWJfW+BiP6oI
CWkAnRZzIRxAKWgD2spPAuBu04S9ZQkA
=aI2g
-----END PGP SIGNATURE-----
|
|
Go to the Top of This SecurityTracker Archive Page
|
