From nobody@FreeBSD.org  Thu Jul 14 03:47:58 2011
Message-Id: <201107140347.p6E3lvTu041648@red.freebsd.org>
Date: Thu, 14 Jul 2011 03:47:57 GMT
From: Marcelo Gondim <gondim@intnet.com.br>
To: freebsd-gnats-submit@FreeBSD.org
Subject: CVE-2011-2464 - ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         158882
>Category:       misc
>Synopsis:       CVE-2011-2464 - ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    dougb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 14 03:50:04 UTC 2011
>Closed-Date:    Thu Jul 14 04:16:44 UTC 2011
>Last-Modified:  Thu Jul 14 04:16:44 UTC 2011
>Originator:     Marcelo Gondim
>Release:        8.2
>Organization:
Nettel Telecom
>Environment:
FreeBSD zeus.linuxinfo.com.br 8.2-STABLE FreeBSD 8.2-STABLE #3: Sun Jul  3 16:31:06 BRT 2011     root@zeus.linuxinfo.com.br:/usr/obj/usr/src/sys/GONDIM  amd64
>Description:
I received the following information:

##########################################################################
ISC BIND 9 Remote packet Denial of Service against Authoritative and
Recursive Servers

A specially constructed packet will cause BIND 9 ("named") to exit,
affecting DNS service.

CVE: CVE-2011-2464

Document Version:  2.0

Posting date: 05 Jul 2011

Program Impacted: BIND

Versions affected:  9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1, 9.7.0,
9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2,
9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1, 9.8.0, 9.8.0-P1, 9.8.0-P2,
9.8.0-P3, 9.8.1b1

Severity:  High

Exploitable:  Remotely

Description: 

A defect in the affected BIND 9 versions allows an attacker to remotely
cause the "named" process to exit using a specially crafted packet. This
defect affects both recursive and authoritative servers. The code location
of the defect makes it impossible to protect BIND using ACLs configured
within named.conf or by disabling any features at compile-time or run-time.

A remote attacker would need to be able to send a specially crafted packet
directly to a server running a vulnerable version of BIND. There is also
the potential for an indirect attack via malware that is inadvertently
installed and run, where infected machines have direct access to an
organization's nameservers.

CVSS Score: 7.8

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

For more information on the Common Vulnerability Scoring System and to
obtain your specific environmental score please visit:
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2

Workarounds: 

There are no known workarounds for publicly available servers.
Administrators of servers that are not publicly available may be able to
limit exposure via firewalls and packet filters.

Active exploits: 

ISC knows of no public tools to exploit this defect at the time of this
advisory.

Solution: 

Upgrade to: 9.6-ESV-R4-P3, 9.7.3-P3 or 9.8.0-P4.
########################################################################

The bind9 version of FreeBSD 8.2-STABLE is:

root@zeus)[~]# named -v
BIND 9.6.-ESV-R4-P1

Are we vulnerable? Our version is included in the listing.

>How-To-Repeat:

>Fix:
Upgrade to: 9.6-ESV-R4-P3, 9.7.3-P3 or 9.8.0-P4.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dougb 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Jul 14 04:03:09 UTC 2011 
Responsible-Changed-Why:  
Over to bind maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=158882 
State-Changed-From-To: open->closed 
State-Changed-By: dougb 
State-Changed-When: Thu Jul 14 04:15:21 UTC 2011 
State-Changed-Why:  

The updates for the base were committed the same day they were 
released by ISC. If you need help updating your systems feel free 
to post to freebsd-questions@FreeBSD.org. 

>Unformatted:
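
Added example (not part of the original report or of ISC's advisory): a shell check that classifies a `named -v` string against the affected and fixed version lists quoted in the description. It compares whole version strings, because a substring search for 9.6-ESV-R4 would also match the fixed 9.6-ESV-R4-P3. The function names, and treating the "9.6.-ESV-R4-P1" printed above as 9.6-ESV-R4-P1, are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify BIND versions against the CVE-2011-2464 advisory.
# Both lists are copied from the advisory text quoted in this report.

AFFECTED="9.6.3 9.6-ESV-R4 9.6-ESV-R4-P1 9.6-ESV-R5b1
9.7.0 9.7.0-P1 9.7.0-P2 9.7.1 9.7.1-P1 9.7.1-P2
9.7.2 9.7.2-P1 9.7.2-P2 9.7.2-P3 9.7.3 9.7.3-P1 9.7.3-P2 9.7.4b1
9.8.0 9.8.0-P1 9.8.0-P2 9.8.0-P3 9.8.1b1"

FIXED="9.6-ESV-R4-P3 9.7.3-P3 9.8.0-P4"

# Reduce `named -v` output to a bare version string:
#  - drop the leading "BIND "
#  - drop anything after the first whitespace (build details, if any)
#  - assumption: the ".-" in "9.6.-ESV-R4-P1" as shown in this report is a
#    stray dot, so it is folded to "-"
normalize_version() {
    printf '%s\n' "$1" | sed -e 's/^BIND[[:space:]]*//' \
                             -e 's/[[:space:]].*$//' \
                             -e 's/\.-/-/'
}

# Print "affected", "fixed" or "unlisted" for one version string.
# Exact comparison only: "9.6-ESV-R4-P3" must not match "9.6-ESV-R4".
classify_bind() {
    v=$(normalize_version "$1")
    for a in $AFFECTED; do
        if [ "$v" = "$a" ]; then echo affected; return 0; fi
    done
    for f in $FIXED; do
        if [ "$v" = "$f" ]; then echo fixed; return 0; fi
    done
    # On neither list: the advisory says nothing about this version,
    # so it needs a manual check rather than being assumed safe.
    echo unlisted
}

# Stand-alone use: sh check_bind.sh "$(named -v)"
if [ $# -gt 0 ]; then
    classify_bind "$*"
fi
```

A result of "unlisted" means only that the version appears on neither list in this advisory, not that it is safe.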
