-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:03.bind Security Advisory The FreeBSD Project Topic: Remote packet Denial of Service against named(8) servers Category: contrib Module: bind Announced: 2011-09-28 Credits: Roy Arends Affects: 8.2-STABLE after 2011-05-28 and prior to the correction date Corrected: 2011-07-06 00:50:54 UTC (RELENG_8, 8.2-STABLE) CVE Name: CVE-2011-2464 Note: This advisory concerns a vulnerability which existed only in the FreeBSD 8-STABLE branch and was fixed over two months prior to the date of this advisory. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. II. Problem Description A logic error in the BIND code causes the BIND daemon to accept bogus data, which could cause the daemon to crash. III. Impact An attacker able to send traffic to the BIND daemon can cause it to crash, resulting in a denial of service. IV. Workaround No workaround is available, but systems not running the BIND name server are not affected. V. Solution Upgrade your vulnerable system to 8-STABLE dated after the correction date. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_8 src/contrib/bind9/lib/dns/message.c 1.3.2.3 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r223815 - ------------------------------------------------------------------------- VII. References http://www.isc.org/software/bind/advisories/cve-2011-2464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-11:03.bind.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk6C4CYACgkQFdaIBMps37LwQgCeIDVGsCWOLoVdmWogOOaPC1UG 9G8AoJPlRbNmkEWMg7uoOYrvjWlRRdlK =aUvD -----END PGP SIGNATURE-----