Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26430
HistoryMay 30, 2011 - 12:00 a.m.

FreeBSD Security Advisory FreeBSD-SA-11:02.bind

2011-05-3000:00:00
vulners.com
19
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-11:02.bind Security Advisory
The FreeBSD Project

Topic: BIND remote DoS with large RRSIG RRsets and negative caching

Category: contrib
Module: bind
Announced: 2011-05-28
Credits: Frank Kloeker, Michael Sinatra.
Affects: All supported versions of FreeBSD.
Corrected: 2011-05-28 00:58:19 UTC (RELENG_7, 7.4-STABLE)
2011-05-28 08:44:39 UTC (RELENG_7_3, 7.3-RELEASE-p6)
2011-05-28 08:44:39 UTC (RELENG_7_4, 7.4-RELEASE-p2)
2011-05-28 00:33:06 UTC (RELENG_8, 8.2-STABLE)
2011-05-28 08:44:39 UTC (RELENG_8_1, 8.1-RELEASE-p4)
2011-05-28 08:44:39 UTC (RELENG_8_2, 8.2-RELEASE-p2)
CVE Name: CVE-2011-1910

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/&gt;.

I. Background

BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server.

DNS Security Extensions (DNSSEC) provides data integrity, origin
authentication and authenticated denial of existence to resolvers.

II. Problem Description

Very large RRSIG RRsets included in a negative response can trigger
an assertion failure that will crash named(8) due to an off-by-one error
in a buffer size check.

III. Impact

If named(8) is being used as a recursive resolver, an attacker who
controls a DNS zone being resolved can cause named(8) to crash,
resulting in a denial of (DNS resolving) service.

DNSSEC does not need to be enabled on the resolver for it to be
vulnerable.

IV. Workaround

No workaround is available, but systems not running the BIND DNS server
or using it exclusively as an authoritative name server (i.e., not as a
caching resolver) are not vulnerable.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE,
or to the RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3
security branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD
7.3, 7.4, 8.1 and 8.2 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

fetch http://security.FreeBSD.org/patches/SA-11:02/bind.patch

fetch http://security.FreeBSD.org/patches/SA-11:02/bind.patch.asc

b) Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

cd /usr/src/lib/bind

make obj && make depend && make && make install

cd /usr/src/usr.sbin/named

make obj && make depend && make && make install

/etc/rc.d/named restart

3) To update your vulnerable system via a binary patch:

Systems running 7.3-RELEASE, 7.4-RELEASE, 8.1-RELEASE, or 8.2-RELEASE
on the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:

freebsd-update fetch

freebsd-update install

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch Revision
Path

RELENG_7
src/contrib/bind9/lib/dns/ncache.c 1.1.1.2.2.3
RELENG_7_4
src/UPDATING 1.507.2.36.2.4
src/sys/conf/newvers.sh 1.72.2.18.2.7
src/contrib/bind9/lib/dns/ncache.c 1.1.1.2.2.2.2.1
RELENG_7_3
src/UPDATING 1.507.2.34.2.8
src/sys/conf/newvers.sh 1.72.2.16.2.10
src/contrib/bind9/lib/dns/ncache.c 1.1.1.2.10.1
RELENG_8
src/contrib/bind9/lib/dns/ncache.c 1.2.2.4
RELENG_8_2
src/UPDATING 1.632.2.19.2.4
src/sys/conf/newvers.sh 1.83.2.12.2.7
src/contrib/bind9/lib/dns/ncache.c 1.2.2.2.2.1
RELENG_8_1
src/UPDATING 1.632.2.14.2.7
src/sys/conf/newvers.sh 1.83.2.10.2.8
src/contrib/bind9/lib/dns/ncache.c 1.2.2.1.2.1

Subversion:

Branch/path Revision

stable/7/ r222399
releng/7.4/ r222416
releng/7.3/ r222416
stable/8/ r222396
releng/8.2/ r222416
releng/8.1/ r222416
head/ r222395

VII. References

http://www.isc.org/software/bind/advisories/cve-2011-1910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-11:02.bind.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9

iEYEARECAAYFAk3gvuQACgkQFdaIBMps37L2iACgizZK4QS3rOaY0x7evMuyWIop
OaoAn3Pku/9HCSUULC2xurSnGU3AtJcz
=aG4/
-----END PGP SIGNATURE-----

Related

openvas 41
osv 1
nessus 25
checkpoint_advisories 1
securityvulns 3
suse 1
fedora 8
freebsd 1
cert 1
prion 1
redhat 1
slackware 2
centos 1
debiancve 1
cisa 1
f5 2
oraclelinux 2
ubuntucve 1
veracode 1
seebug 1
cve 1
debian 1
freebsd_advisory 1
ubuntu 1
gentoo 1
openvas
openvas
CentOS Update for bind97 CESA-2011:0845 centos5 x86_64
2012-07-30 00:00:00
Mandriva Update for bind MDVSA-2011:104 (bind)
2011-06-06 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-11:02.bind.asc)
2011-08-03 00:00:00
osv
osv
bind9 - wrong boundary condition
2011-05-27 00:00:00
nessus
nessus
RHEL 5 / 6 : bind (RHSA-2011:0845)
2011-06-01 00:00:00
FreeBSD : BIND -- Large RRSIG RRsets and Negative Caching DoS (1e1421f0-8d6f-11e0-89b4-001ec9578670)
2011-06-07 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2011-147-01)
2011-05-31 00:00:00
checkpoint_advisories
checkpoint_advisories
ISC BIND RRSIG RRsets Denial of Service (CVE-2011-1910)
2011-07-15 00:00:00
securityvulns
securityvulns
ISC bind named DNS server DoS
2011-05-30 00:00:00
APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006
2011-10-16 00:00:00
Apple OS X multiple security vulnerabilities
2011-10-24 00:00:00
suse
suse
bind (important)
2011-06-10 15:31:38
fedora
fedora
[SECURITY] Fedora 15 Update: bind-9.8.0-5.P2.fc15
2011-06-02 19:04:32
[SECURITY] Fedora 14 Update: bind-9.7.4-0.2.b1.fc14
2011-06-11 04:31:03
[SECURITY] Fedora 15 Update: bind-9.8.1-3.P1.fc15
2011-11-25 23:25:02
freebsd
freebsd
BIND -- Large RRSIG RRsets and Negative Caching DoS
2011-05-26 00:00:00
cert
cert
ISC BIND named negative caching vulnerability
2011-05-27 00:00:00
prion
prion
Design/Logic Flaw
2011-05-31 20:55:00
redhat
redhat
(RHSA-2011:0845) Important: bind security update
2011-05-31 00:00:00
slackware
slackware
[slackware-security] bind
2011-05-28 01:14:25
[slackware-security] bind
2011-08-13 00:34:14
centos
centos
bind97 security update
2011-05-31 17:03:46
debiancve
debiancve
CVE-2011-1910
2011-05-31 20:55:00
cisa
cisa
Internet System Consortium releases BIND patches
2011-05-27 00:00:00
f5
f5
K12985 : BIND vulnerability CVE-2011-1910
2013-09-11 00:00:00
SOL12985 - BIND vulnerability CVE-2011-1910
2011-07-26 00:00:00
oraclelinux
oraclelinux
bind security update
2011-05-31 00:00:00
bind security update
2011-11-17 00:00:00
ubuntucve
ubuntucve
CVE-2011-1910
2011-05-30 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:03:14
seebug
seebug
ISC BIND 9 Large RRSIG RRsetsθΏœη¨‹ζ‹’η»ζœεŠ‘ζΌζ΄ž
2011-06-02 00:00:00
cve
cve
CVE-2011-1910
2011-05-31 20:55:00
debian
debian
[SECURITY] [DSA 2244-1] bind9 security update
2011-05-27 22:23:27
freebsd_advisory
freebsd_advisory
FreeBSD-SA-11:02.bind
2011-05-28 00:00:00
ubuntu
ubuntu
Bind vulnerabilities
2011-05-30 00:00:00
gentoo
gentoo
BIND: Multiple vulnerabilities
2012-06-02 00:00:00
JSON
Related for SECURITYVULNS:DOC:26430
openvas41osv1nessus25checkpoint_advisories1securityvulns3suse1fedora8freebsd1cert1prion1redhat1slackware2centos1debiancve1cisa1f52oraclelinux2ubuntucve1veracode1seebug1cve1debian1freebsd_advisory1ubuntu1gentoo1