From nobody@FreeBSD.ORG Thu Nov 11 13:32:39 1999
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 9A26E14C1D; Thu, 11 Nov 1999 13:32:39 -0800 (PST)
Message-Id: <19991111213239.9A26E14C1D@hub.freebsd.org>
Date: Thu, 11 Nov 1999 13:32:39 -0800 (PST)
From: mike@sentex.net
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@freebsd.org
Subject: Current version of BIND in the ports and the src/contrib is vulnerable to serveral DOS attacks
X-Send-Pr-Version: www-1.0

>Number:         14828
>Category:       bin
>Synopsis:       Current version of BIND in src/contrib is vulnerable to serveral DOS attacks
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 11 13:40:01 PST 1999
>Closed-Date:    Wed Dec 15 06:38:21 PST 1999
>Last-Modified:  Wed Dec 15 06:42:50 PST 1999
>Originator:     Mike Tancsa
>Release:        3.3, but all versions effected
>Organization:
Sentex Communications
>Environment:
FreeBSD 3.3-STABLE #1: Wed Nov 10 16:52:28 EST 1999 
>Description:
See CERT Advisory CA-99.14 - Multiple Vulnerabilities in BIND 
or
http://www.isc.org/products/BIND/bind-security-19991108.html
>How-To-Repeat:
run bind 8.1.x or greater as a port, or use it from src/contrib/bind
>Fix:
Upgrade to the latest version

src/contrib/bind needs to be updated

For the port,
--- Makefile.orig       Wed Nov 10 22:57:07 1999
+++ Makefile    Thu Nov 11 16:26:50 1999
@@ -1,15 +1,15 @@
 # New ports collection makefile for:   bind
-# Version required:    8.2.1
+# Version required:    8.2.2-P3
 # Date created:                18 July 1997
 # Whom:                        jseger@scds.com
 #
 # $FreeBSD: ports/net/bind8/Makefile,v 1.14 1999/08/30 14:22:09 peter Exp $
 #
 
-DISTNAME=      bind-8.2.1
+DISTNAME=      bind-8.2.2-P3
 CATEGORIES=    net
-MASTER_SITES=  ftp://ftp.isc.org/isc/bind/src/8.2.1/
-DISTFILES=     bind-src.tar.gz bind-doc.tar.gz
+MASTER_SITES=  ftp://ftp.isc.org/isc/bind/src/8.2.2-P3/ 
+DISTFILES=     bind-src.tar.gz bind-doc.tar.gz 
 
 MAINTAINER=    jseger@FreeBSD.org

marble3# diff -ru files/md5.orig files/md5
--- files/md5.orig      Thu Nov 11 16:28:24 1999
+++ files/md5   Thu Nov 11 16:28:29 1999
@@ -1,2 +1,2 @@
-MD5 (bind-src.tar.gz) = 449cad9c83d31c28179d3fa9dabd3a38
-MD5 (bind-doc.tar.gz) = 52ba164906f8cb5d0fe1d06ceb5ac5db
+MD5 (bind-src.tar.gz) = c782af1a8058d6d2d3c95c1385a5c8c0
+MD5 (bind-doc.tar.gz) = 42025ab4bed0f13ab612ec5984abe2f0

and add the following patch

marble3# cat patches/patch-ac
Index: src/bin/named-xfer/named-xfer.c
===================================================================
RCS file: /proj/cvs/isc/bind/src/bin/named-xfer/named-xfer.c,v
retrieving revision 8.88
retrieving revision 8.89
diff -c -r8.88 -r8.89
*** src/bin/named-xfer/named-xfer.c     1999/11/08 23:01:39     8.88
--- src/bin/named-xfer/named-xfer.c     1999/11/09 20:36:54     8.89
***************
*** 2195,2201 ****
                                        zp->z_origin, zp_finish.z_serial);
                        }
                        soa_cnt++;
!                       if ((methode == ISIXFR) || (soa_cnt > 2)) {
                                return (result);
                        }
                } else {
--- 2195,2201 ----
                                        zp->z_origin, zp_finish.z_serial);
                        }
                        soa_cnt++;
!                       if ((methode == ISIXFR) || (soa_cnt >= 2)) {
                                return (result);
                        }
                } else {




>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports->freebsd-bugs  
Responsible-Changed-By: cpiazza 
Responsible-Changed-When: Sun Nov 21 10:40:23 PST 1999 
Responsible-Changed-Why:  
bind8 port was upgraded to 8.2.2p5 
State-Changed-From-To: open->closed 
State-Changed-By: nbm 
State-Changed-When: Wed Dec 15 06:38:21 PST 1999 
State-Changed-Why:  
peter upgraded and MFC'd bind 8.2.2p5 into src/contrib, and the port 
was updated by jseger. 
>Unformatted:
