From nobody@FreeBSD.org  Wed Jul 30 13:33:14 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9F692106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 30 Jul 2008 13:33:14 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 966C88FC1B
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 30 Jul 2008 13:33:14 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m6UDXDgg030954
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 30 Jul 2008 13:33:13 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m6UDXCiB030950;
	Wed, 30 Jul 2008 13:33:12 GMT
	(envelope-from nobody)
Message-Id: <200807301333.m6UDXCiB030950@www.freebsd.org>
Date: Wed, 30 Jul 2008 13:33:12 GMT
From: Usman Ahmad <usman.ahmad@pk.link.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: bind patch/upgrade
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         126096
>Category:       i386
>Synopsis:       bind patch/upgrade
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    gavin
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 30 13:40:04 UTC 2008
>Closed-Date:    Wed Jul 30 14:49:30 UTC 2008
>Last-Modified:  Wed Jul 30 14:49:30 UTC 2008
>Originator:     Usman Ahmad
>Release:        FreeBSD 4.2
>Organization:
LINKdotNET
>Environment:
BSD/OS monitornew.wol.net.pk 4.2 BSDI BSD/OS 4.2 Kernel #1: Sat Oct 28 16:31:23 PKT 2006     netadmin@monitornew.wol.net.pk:/usr/src/sys/compile/LOCAL  i386
>Description:
As per our ISC updates, there is a bug in old bind versions. Please refer to
http://www.isc.org/index.pl?/sw/bind/bind-security.php. So I have tried to update all of my current DNS servers having FreeBSD 4.2 but it is not fixed.

First, the default bind version was running as mentioned below:

bash-2.02# named -v
named 8.2.3-REL Thu Nov 14 15:56:27 CST 2002
        patm@patches42default.bsdi.com:/patches/4.2/M420-030/source/core_contrib/bind/src/bin/named

But there was no patch/update available for this version, and then I compiled the latest BIND version, i.e. BIND 9.4.1-P1, but when I check it for server vulnerability, it reports that the server is POOR.


Please guide me on how I can fix this BUG on my FreeBSD 4.2 server.

Regards,
Usman Ahmad
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: gavin 
State-Changed-When: Wed Jul 30 14:16:52 UTC 2008 
State-Changed-Why:  
To submitter:  Firstly, it appears that you are not running FreeBSD, 
but BSD/OS 4.2.  These are different operating systems, and as a 
result I do not know how you would go about solving your problems 
with BIND on BSD/OS.  However, I do know that support for BSD/OS 
stopped in 2004, so you should probably consider moving any BSD/OS 
servers away from BSD/OS, and not just upgrading BIND on them, as 
there are likely to be other serious issues with them. 

If your question is "How can I move these servers onto a secure 
version of FreeBSD", then that is a hard question to answer without 
knowing what the servers do.  You will find the FreeBSD website and 
handbook very detailed on how to install and configure FreeBSD, and 
there is lots of documentation around about how to configure BIND. 
After you install 7.0-RELEASE you will still need to patch the 
server before it is secure, but that is easily done with freebsd-update. 

Also note that the minimum version of BIND that you need to be secure 
is 9.4.2-P1, and not 9.4.1-P1 as you stated in your question. 

Hope that helps, 

Gavin 



Responsible-Changed-From-To: freebsd-i386->gavin 
Responsible-Changed-By: gavin 
Responsible-Changed-When: Wed Jul 30 14:16:52 UTC 2008 
Responsible-Changed-Why:  
Track 

http://www.freebsd.org/cgi/query-pr.cgi?pr=126096 
>Unformatted:
