diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-15:17.bind.asc')
| -rw-r--r-- | share/security/advisories/FreeBSD-SA-15:17.bind.asc | 139 |
1 files changed, 0 insertions, 139 deletions
diff --git a/share/security/advisories/FreeBSD-SA-15:17.bind.asc b/share/security/advisories/FreeBSD-SA-15:17.bind.asc deleted file mode 100644 index c3feadb691..0000000000 --- a/share/security/advisories/FreeBSD-SA-15:17.bind.asc +++ /dev/null @@ -1,139 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -============================================================================= -FreeBSD-SA-15:17.bind Security Advisory - The FreeBSD Project - -Topic: BIND remote denial of service vulnerability - -Category: contrib -Module: bind -Announced: 2015-07-28 -Credits: ISC -Affects: FreeBSD 8.x and FreeBSD 9.x. -Corrected: 2015-07-28 19:58:54 UTC (stable/9, 9.3-STABLE) - 2015-07-28 19:59:22 UTC (releng/9.3, 9.3-RELEASE-p21) - 2015-07-28 19:58:54 UTC (stable/8, 8.4-STABLE) - 2015-07-28 19:59:22 UTC (releng/8.4, 8.4-RELEASE-p35) -CVE Name: CVE-2015-5477 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:https://security.FreeBSD.org/>. - -I. Background - -BIND 9 is an implementation of the Domain Name System (DNS) protocols. -The named(8) daemon is an Internet Domain Name Server. - -II. Problem Description - -An error in the handling of TKEY queries can be exploited by an attacker -for use as a denial-of-service vector, as a constructed packet can use -the defect to trigger a REQUIRE assertion failure, causing BIND to exit. - -III. Impact - -A remote attacker can trigger a crash of a name server. Both recursive and -authoritative servers are affected, and the exposure can not be mitigated -by either ACLs or configuration options limiting or denying service because -the exploitable code occurs early in the packet handling, before checks -enforcing those boundaries. - -IV. Workaround - -No workaround is available, but systems that are not running BIND are not -vulnerable. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to a supported FreeBSD stable or -release / security branch (releng) dated after the correction date. - -The named service has to be restarted after the update. A reboot is -recommended but not required. - -2) To update your vulnerable system via a binary patch: - -Systems running a RELEASE version of FreeBSD on the i386 or amd64 -platforms can be updated via the freebsd-update(8) utility: - -# freebsd-update fetch -# freebsd-update install - -The named service has to be restarted after the update. A reboot is -recommended but not required. - -3) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to the applicable -FreeBSD release branches. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch https://security.FreeBSD.org/patches/SA-15:17/bind.patch -# fetch https://security.FreeBSD.org/patches/SA-15:17/bind.patch.asc -# gpg --verify bind.patch.asc - -b) Apply the patch. Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile the operating system using buildworld and installworld as -described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. - -Restart the applicable daemons, or reboot the system. - -VI. Correction details - -The following list contains the correction revision numbers for each -affected branch. - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/8/ r285977 -releng/8.4/ r285980 -stable/9/ r285977 -releng/9.3/ r285980 -- ------------------------------------------------------------------------- - -To see which files were modified by a particular revision, run the -following command, replacing NNNNNN with the revision number, on a -machine with Subversion installed: - -# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base - -Or visit the following URL, replacing NNNNNN with the revision number: - -<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> - -VII. References - -<URL:https://kb.isc.org/article/AA-01272> - -<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477> - -The latest revision of this advisory is available at -<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:17.bind.asc> ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.1.6 (FreeBSD) - -iQIcBAEBCgAGBQJVt+FdAAoJEO1n7NZdz2rnmAQQAK66bHEYirTecgswG+eiePfU -lcX46GdLU/OQ/3MHpmc6XQKz9kpJ+Inh8K8IvAJ1SXH41zk/xOtUgqbkUcgkGrS1 -gBVKUC8SF82ll/1FUlORoJc+g+TQgax00Il/GweRVoL0RpU9S/YSnc6OLc0nWzBq -osweYaHBNRL6lBmUtAHYu1tyvGvHLlfTNk6NCtUxtWeXKe+urYFx4ViJKCU8dJ+U -F26nQb/3vH93WOEaNjSDHYWypl9qtous5hpOtXr76ofhID67EyOKmPPEC5+6jP/6 -wkdMu7loVewI5K7ZF+zaNxr8CQESurCRkMX3qJSBNCfSw55sdcfKl4BO65SCxLH7 -vXoh+B+Wbof2n3xAcEJNufOdiRQfTxlP1UMWIy00wvdB+VcOCDdD7TUB1kksxzpy -aXxePRdKLjvkPDiWy17BBpxq8JIfy+41a+N7Fm/hDgUJOYGDAMr27WJLx8MHzY3k -+B014IVvTnHkf0yo5ue5raTpgUr0TVCfwD3eqJOM9iUuOI8vj9h44FpP6R8KNyQA -mVI/wikVJfYAgmAkHqqRVEHeA8aWJsVNkmrKLHFDkLDdw6umr7oOHfXQo1hk7k7V -+2JEa09kp2AYNGYZkiFG/7jiCZ9GLCvAzKW1v1g8fRsBl+QA1PjW0Rg7HcRmZiwM -VfNsARSWl2y/t8Gnrfgx -=40iD ------END PGP SIGNATURE----- |