1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:04.bind Security Advisory
The FreeBSD Project
Topic: BIND DNSSEC incorrect checks for malformed signatures
Category: contrib
Module: bind
Announced: 2009-01-13
Credits: Google Security Team
Affects: All supported FreeBSD versions
Corrected: 2009-01-10 03:00:21 UTC (RELENG_7, 7.1-STABLE)
2009-01-13 21:19:27 UTC (RELENG_7_1, 7.1-RELEASE-p2)
2009-01-13 21:19:27 UTC (RELENG_7_0, 7.0-RELEASE-p9)
2009-01-10 04:30:27 UTC (RELENG_6, 6.4-STABLE)
2009-01-13 21:19:27 UTC (RELENG_6_4, 6.4-RELEASE-p3)
2009-01-13 21:19:27 UTC (RELENG_6_3, 6.3-RELEASE-p9)
CVE Name: CVE-2009-0025
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server. DNS Security
Extensions (DNSSEC) are additional protocol options that add
authentication as part of responses to DNS queries.
FreeBSD includes software from the OpenSSL Project. The OpenSSL
Project is a collaborative effort to develop a robust,
commercial-grade, full-featured Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography
library.
II. Problem Description
The DSA_do_verify() function from OpenSSL is used to determine if a
DSA digital signature is valid. When DNSSEC is used within BIND it
uses DSA_do_verify() to verify DSA signatures, but checks the function
return value incorrectly.
III. Impact
It is in theory possible to spoof a DNS reply even though DNSSEC
is set up to validate answers. This could be used by an attacker for
man-in-the-middle or other spoofing attacks.
IV. Workaround
Disable the the DSA algorithm in named.conf. This will cause answers
from zones signed only with DSA to be treated as insecure. Add the
following to the options section of named.conf:
disable-algorithms . { DSA; };
NOTE WELL: If named(8) is not explicitly set to use DNSSEC the setup is
not vulnerable to the issue as described in this Security Advisory.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch
dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 6.3, 6.4,
7.0, and 7.1 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-09:04/bind.patch
# fetch http://security.FreeBSD.org/patches/SA-09:04/bind.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/bind
# make obj && make depend && make && make install
# cd /usr/src/usr.sbin/named
# make obj && make depend && make && make install
# /etc/rc.d/named restart
c) Install and use a fixed version of BIND from the FreeBSD Ports
Collection.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_6
src/contrib/bind9/CHANGES 1.1.1.3.2.10
src/contrib/bind9/FAQ 1.1.1.2.2.5
src/contrib/bind9/FAQ.xml 1.1.1.1.2.5
src/contrib/bind9/README 1.1.1.2.2.6
src/contrib/bind9/aclocal.m4 1.1.4.1
src/contrib/bind9/bin/dig/dig.1 1.1.1.1.4.4
src/contrib/bind9/bin/dig/dig.c 1.1.1.2.2.4
src/contrib/bind9/bin/dig/dig.docbook 1.1.1.1.4.3
src/contrib/bind9/bin/dig/dig.html 1.1.1.1.4.4
src/contrib/bind9/bin/dig/dighost.c 1.1.1.2.2.5
src/contrib/bind9/bin/dig/host.1 1.1.1.1.4.4
src/contrib/bind9/bin/dig/host.docbook 1.1.1.1.4.3
src/contrib/bind9/bin/dig/host.html 1.1.1.1.4.4
src/contrib/bind9/bin/dnssec/dnssec-keygen.8 1.1.1.1.4.4
src/contrib/bind9/bin/dnssec/dnssec-keygen.docbook 1.1.1.1.4.3
src/contrib/bind9/bin/dnssec/dnssec-keygen.html 1.1.1.1.4.4
src/contrib/bind9/bin/dnssec/dnssec-signzone.8 1.1.1.1.4.4
src/contrib/bind9/bin/dnssec/dnssec-signzone.c 1.1.1.2.2.4
src/contrib/bind9/bin/dnssec/dnssec-signzone.docbook 1.1.1.1.4.3
src/contrib/bind9/bin/dnssec/dnssec-signzone.html 1.1.1.1.4.4
src/contrib/bind9/bin/named/client.c 1.1.1.2.2.7
src/contrib/bind9/bin/named/config.c 1.1.1.2.2.4
src/contrib/bind9/bin/named/controlconf.c 1.1.1.1.4.4
src/contrib/bind9/bin/named/include/named/globals.h 1.1.1.1.4.2
src/contrib/bind9/bin/named/interfacemgr.c 1.1.1.1.4.4
src/contrib/bind9/bin/named/lwresd.8 1.1.1.1.4.4
src/contrib/bind9/bin/named/lwresd.c 1.1.1.1.4.3
src/contrib/bind9/bin/named/lwresd.docbook 1.1.1.1.4.3
src/contrib/bind9/bin/named/lwresd.html 1.1.1.1.4.4
src/contrib/bind9/bin/named/main.c 1.1.1.2.2.3
src/contrib/bind9/bin/named/named.8 1.1.1.1.4.4
src/contrib/bind9/bin/named/named.conf.5 1.1.1.2.2.4
src/contrib/bind9/bin/named/named.conf.docbook 1.1.1.2.2.5
src/contrib/bind9/bin/named/named.conf.html 1.1.1.2.2.4
src/contrib/bind9/bin/named/named.docbook 1.1.1.1.4.4
src/contrib/bind9/bin/named/named.html 1.1.1.1.4.4
src/contrib/bind9/bin/named/query.c 1.1.1.1.4.6
src/contrib/bind9/bin/named/server.c 1.1.1.2.2.6
src/contrib/bind9/bin/named/unix/include/named/os.h 1.1.1.2.2.2
src/contrib/bind9/bin/named/unix/os.c 1.1.1.2.2.4
src/contrib/bind9/bin/named/update.c 1.1.1.2.2.4
src/contrib/bind9/bin/nsupdate/Makefile.in 1.1.1.1.4.2
src/contrib/bind9/bin/nsupdate/nsupdate.1 1.1.4.1
src/contrib/bind9/bin/nsupdate/nsupdate.8 1.1.1.1.4.4
src/contrib/bind9/bin/nsupdate/nsupdate.docbook 1.1.1.1.4.3
src/contrib/bind9/bin/nsupdate/nsupdate.html 1.1.1.1.4.4
src/contrib/bind9/bin/rndc/rndc-confgen.c 1.1.1.2.2.1
src/contrib/bind9/bin/rndc/rndc.c 1.1.1.3.2.3
src/contrib/bind9/config.h.in 1.1.4.1
src/contrib/bind9/configure.in 1.1.1.2.2.6
src/contrib/bind9/lib/bind/aclocal.m4 1.1.1.2.2.2
src/contrib/bind9/lib/bind/api 1.1.1.2.2.4
src/contrib/bind9/lib/bind/bsd/Makefile.in 1.1.1.1.4.1
src/contrib/bind9/lib/bind/bsd/strerror.c 1.1.1.1.4.1
src/contrib/bind9/lib/bind/bsd/strtoul.c 1.1.1.1.4.1
src/contrib/bind9/lib/bind/config.h.in 1.1.1.2.2.4
src/contrib/bind9/lib/bind/configure.in 1.1.1.2.2.5
src/contrib/bind9/lib/bind/dst/Makefile.in 1.1.1.1.4.1
src/contrib/bind9/lib/bind/dst/dst_api.c 1.1.1.2.2.4
src/contrib/bind9/lib/bind/dst/hmac_link.c 1.1.1.1.4.4
src/contrib/bind9/lib/bind/dst/support.c 1.1.1.1.4.2
src/contrib/bind9/lib/bind/include/arpa/nameser.h 1.1.1.1.4.1
src/contrib/bind9/lib/bind/include/isc/assertions.h 1.1.1.1.4.1
src/contrib/bind9/lib/bind/include/isc/misc.h 1.1.1.1.4.1
src/contrib/bind9/lib/bind/include/resolv.h 1.1.1.1.4.2
src/contrib/bind9/lib/bind/inet/Makefile.in 1.1.1.1.4.1
src/contrib/bind9/lib/bind/inet/inet_net_pton.c 1.1.1.1.4.1
src/contrib/bind9/lib/bind/irs/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/lib/bind/irs/dns_ho.c 1.1.1.1.4.4
src/contrib/bind9/lib/bind/irs/irp.c 1.1.1.1.4.2
src/contrib/bind9/lib/bind/isc/Makefile.in 1.1.1.1.4.1
src/contrib/bind9/lib/bind/isc/assertions.c 1.1.1.1.4.1
src/contrib/bind9/lib/bind/isc/bitncmp.c 1.1.1.1.4.1
src/contrib/bind9/lib/bind/isc/ctl_clnt.c 1.1.1.1.4.2
src/contrib/bind9/lib/bind/isc/ctl_srvr.c 1.1.1.1.4.2
src/contrib/bind9/lib/bind/nameser/Makefile.in 1.1.1.1.4.1
src/contrib/bind9/lib/bind/port_after.h.in 1.1.1.2.2.4
src/contrib/bind9/lib/bind/resolv/Makefile.in 1.1.1.1.4.2
src/contrib/bind9/lib/bind/resolv/res_debug.c 1.1.1.1.4.2
src/contrib/bind9/lib/bind/resolv/res_mkquery.c 1.1.1.1.4.1
src/contrib/bind9/lib/bind/resolv/res_query.c 1.1.1.1.4.1
src/contrib/bind9/lib/bind9/api 1.1.1.2.2.4
src/contrib/bind9/lib/bind9/check.c 1.1.1.2.2.4
src/contrib/bind9/lib/dns/adb.c 1.1.1.2.2.4
src/contrib/bind9/lib/dns/api 1.1.1.2.2.7
src/contrib/bind9/lib/dns/cache.c 1.1.1.1.4.3
src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.4.6
src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.4.5
src/contrib/bind9/lib/dns/journal.c 1.1.1.2.2.3
src/contrib/bind9/lib/dns/masterdump.c 1.1.1.1.4.2
src/contrib/bind9/lib/dns/message.c 1.1.1.1.4.5
src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.3
src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.3
src/contrib/bind9/lib/dns/rbt.c 1.1.1.2.2.3
src/contrib/bind9/lib/dns/rdata/generic/nsec_47.c 1.1.1.1.4.1
src/contrib/bind9/lib/dns/rdata/generic/nsec_47.h 1.1.1.1.4.1
src/contrib/bind9/lib/dns/rdata/generic/txt_16.c 1.1.1.1.4.2
src/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c 1.1.1.1.4.1
src/contrib/bind9/lib/dns/request.c 1.1.1.1.4.4
src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.10
src/contrib/bind9/lib/dns/validator.c 1.1.1.2.2.5
src/contrib/bind9/lib/dns/view.c 1.1.1.1.4.2
src/contrib/bind9/lib/dns/xfrin.c 1.1.1.2.2.5
src/contrib/bind9/lib/isc/Makefile.in 1.1.1.1.4.1
src/contrib/bind9/lib/isc/api 1.1.1.2.2.5
src/contrib/bind9/lib/isc/assertions.c 1.1.1.1.4.1
src/contrib/bind9/lib/isc/include/isc/assertions.h 1.1.1.1.4.1
src/contrib/bind9/lib/isc/include/isc/mem.h 1.1.1.2.2.2
src/contrib/bind9/lib/isc/include/isc/msgs.h 1.1.1.1.4.1
src/contrib/bind9/lib/isc/include/isc/platform.h.in 1.1.1.1.4.2
src/contrib/bind9/lib/isc/include/isc/portset.h 1.1.4.1
src/contrib/bind9/lib/isc/include/isc/resource.h 1.1.1.1.4.2
src/contrib/bind9/lib/isc/include/isc/socket.h 1.1.1.1.4.3
src/contrib/bind9/lib/isc/include/isc/timer.h 1.1.1.1.4.4
src/contrib/bind9/lib/isc/include/isc/types.h 1.1.1.1.4.1
src/contrib/bind9/lib/isc/mem.c 1.1.1.1.4.3
src/contrib/bind9/lib/isc/portset.c 1.1.4.1
src/contrib/bind9/lib/isc/print.c 1.1.1.1.4.2
src/contrib/bind9/lib/isc/pthreads/mutex.c 1.1.1.1.4.3
src/contrib/bind9/lib/isc/timer.c 1.1.1.1.4.5
src/contrib/bind9/lib/isc/unix/app.c 1.1.1.1.4.3
src/contrib/bind9/lib/isc/unix/include/isc/net.h 1.1.1.1.4.1
src/contrib/bind9/lib/isc/unix/net.c 1.1.1.1.4.3
src/contrib/bind9/lib/isc/unix/resource.c 1.1.1.1.4.3
src/contrib/bind9/lib/isc/unix/socket.c 1.1.1.2.2.5
src/contrib/bind9/lib/isc/unix/socket_p.h 1.1.1.1.4.2
src/contrib/bind9/lib/isc/unix/time.c 1.1.1.1.4.1
src/contrib/bind9/lib/isccfg/api 1.1.1.2.2.4
src/contrib/bind9/lib/isccfg/namedconf.c 1.1.1.2.2.5
src/contrib/bind9/version 1.1.1.3.2.10
RELENG_6_4
src/UPDATING 1.416.2.40.2.6
src/sys/conf/newvers.sh 1.69.2.18.2.9
src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.2.4.1
src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.2.2.1
RELENG_6_3
src/UPDATING 1.416.2.37.2.14
src/sys/conf/newvers.sh 1.69.2.15.2.13
src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.2.2.1
src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.1.2.1
RELENG_7
src/contrib/bind9/CHANGES 1.1.1.10.2.4
src/contrib/bind9/COPYRIGHT 1.1.1.4.2.3
src/contrib/bind9/FAQ 1.1.1.6.2.2
src/contrib/bind9/FAQ.xml 1.1.1.4.2.2
src/contrib/bind9/README 1.1.1.7.2.2
src/contrib/bind9/aclocal.m4 1.1.2.1
src/contrib/bind9/bin/check/check-tool.c 1.1.1.3.2.2
src/contrib/bind9/bin/check/named-checkconf.c 1.1.1.4.2.1
src/contrib/bind9/bin/check/named-checkzone.c 1.1.1.3.2.2
src/contrib/bind9/bin/dig/dig.1 1.1.1.4.2.2
src/contrib/bind9/bin/dig/dig.c 1.1.1.5.2.2
src/contrib/bind9/bin/dig/dig.docbook 1.1.1.3.2.2
src/contrib/bind9/bin/dig/dig.html 1.1.1.4.2.2
src/contrib/bind9/bin/dig/dighost.c 1.1.1.5.2.3
src/contrib/bind9/bin/dig/host.1 1.1.1.4.2.2
src/contrib/bind9/bin/dig/host.docbook 1.1.1.3.2.2
src/contrib/bind9/bin/dig/host.html 1.1.1.4.2.2
src/contrib/bind9/bin/dnssec/dnssec-keygen.8 1.1.1.4.2.2
src/contrib/bind9/bin/dnssec/dnssec-keygen.docbook 1.1.1.3.2.2
src/contrib/bind9/bin/dnssec/dnssec-keygen.html 1.1.1.4.2.2
src/contrib/bind9/bin/dnssec/dnssec-signzone.8 1.1.1.4.2.2
src/contrib/bind9/bin/dnssec/dnssec-signzone.c 1.1.1.5.2.2
src/contrib/bind9/bin/dnssec/dnssec-signzone.docbook 1.1.1.3.2.2
src/contrib/bind9/bin/dnssec/dnssec-signzone.html 1.1.1.4.2.2
src/contrib/bind9/bin/named/client.c 1.1.1.6.2.4
src/contrib/bind9/bin/named/config.c 1.1.1.4.2.3
src/contrib/bind9/bin/named/controlconf.c 1.1.1.3.2.2
src/contrib/bind9/bin/named/include/named/globals.h 1.1.1.3.2.1
src/contrib/bind9/bin/named/interfacemgr.c 1.1.1.3.2.2
src/contrib/bind9/bin/named/lwaddr.c 1.1.1.2.2.1
src/contrib/bind9/bin/named/lwdgnba.c 1.1.1.2.2.1
src/contrib/bind9/bin/named/lwdnoop.c 1.1.1.2.2.1
src/contrib/bind9/bin/named/lwresd.8 1.1.1.4.2.2
src/contrib/bind9/bin/named/lwresd.c 1.1.1.3.2.2
src/contrib/bind9/bin/named/lwresd.docbook 1.1.1.3.2.2
src/contrib/bind9/bin/named/lwresd.html 1.1.1.4.2.2
src/contrib/bind9/bin/named/main.c 1.1.1.5.2.1
src/contrib/bind9/bin/named/named.8 1.1.1.4.2.2
src/contrib/bind9/bin/named/named.conf.5 1.1.1.5.2.2
src/contrib/bind9/bin/named/named.conf.docbook 1.1.1.5.2.3
src/contrib/bind9/bin/named/named.conf.html 1.1.1.5.2.2
src/contrib/bind9/bin/named/named.docbook 1.1.1.4.2.2
src/contrib/bind9/bin/named/named.html 1.1.1.4.2.2
src/contrib/bind9/bin/named/query.c 1.1.1.6.2.2
src/contrib/bind9/bin/named/server.c 1.1.1.6.2.4
src/contrib/bind9/bin/named/unix/include/named/os.h 1.1.1.3.2.1
src/contrib/bind9/bin/named/unix/os.c 1.1.1.5.2.1
src/contrib/bind9/bin/named/update.c 1.1.1.5.2.2
src/contrib/bind9/bin/nsupdate/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/bin/nsupdate/nsupdate.1 1.1.2.1
src/contrib/bind9/bin/nsupdate/nsupdate.8 1.1.1.4.2.2
src/contrib/bind9/bin/nsupdate/nsupdate.c 1.1.1.5.2.2
src/contrib/bind9/bin/nsupdate/nsupdate.docbook 1.1.1.3.2.2
src/contrib/bind9/bin/nsupdate/nsupdate.html 1.1.1.4.2.2
src/contrib/bind9/bin/rndc/rndc-confgen.c 1.1.1.3.2.1
src/contrib/bind9/bin/rndc/rndc.8 1.1.1.4.2.2
src/contrib/bind9/bin/rndc/rndc.c 1.1.1.6.2.2
src/contrib/bind9/bin/rndc/rndc.docbook 1.1.1.3.2.2
src/contrib/bind9/bin/rndc/rndc.html 1.1.1.4.2.2
src/contrib/bind9/config.h.in 1.1.2.1
src/contrib/bind9/configure.in 1.1.1.6.2.3
src/contrib/bind9/lib/bind/aclocal.m4 1.1.1.2.10.2
src/contrib/bind9/lib/bind/api 1.1.1.5.2.2
src/contrib/bind9/lib/bind/bsd/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/lib/bind/bsd/strerror.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/bsd/strtoul.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/config.h.in 1.1.1.4.2.3
src/contrib/bind9/lib/bind/configure.in 1.1.1.5.2.3
src/contrib/bind9/lib/bind/dst/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/lib/bind/dst/dst_api.c 1.1.1.5.2.2
src/contrib/bind9/lib/bind/dst/hmac_link.c 1.1.1.4.2.2
src/contrib/bind9/lib/bind/dst/support.c 1.1.1.3.2.1
src/contrib/bind9/lib/bind/include/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/lib/bind/include/arpa/nameser.h 1.1.1.2.2.1
src/contrib/bind9/lib/bind/include/isc/assertions.h 1.1.1.2.2.1
src/contrib/bind9/lib/bind/include/isc/eventlib.h 1.1.1.3.2.1
src/contrib/bind9/lib/bind/include/isc/misc.h 1.1.1.2.2.1
src/contrib/bind9/lib/bind/include/isc/platform.h.in 1.2.2.1
src/contrib/bind9/lib/bind/include/netdb.h 1.1.1.4.2.1
src/contrib/bind9/lib/bind/include/resolv.h 1.1.1.3.2.1
src/contrib/bind9/lib/bind/inet/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/lib/bind/inet/inet_net_pton.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/inet/inet_network.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/irs/Makefile.in 1.1.1.3.2.1
src/contrib/bind9/lib/bind/irs/dns_ho.c 1.1.1.4.2.1
src/contrib/bind9/lib/bind/irs/getnetgrent.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/irs/getnetgrent_r.c 1.1.1.4.2.1
src/contrib/bind9/lib/bind/irs/irp.c 1.1.1.3.2.1
src/contrib/bind9/lib/bind/isc/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/lib/bind/isc/assertions.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/isc/bitncmp.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/isc/ctl_clnt.c 1.1.1.2.2.2
src/contrib/bind9/lib/bind/isc/ctl_srvr.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/isc/logging.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/nameser/Makefile.in 1.1.1.2.2.1
src/contrib/bind9/lib/bind/port_after.h.in 1.1.1.4.2.1
src/contrib/bind9/lib/bind/port_before.h.in 1.1.1.4.2.2
src/contrib/bind9/lib/bind/resolv/Makefile.in 1.1.1.3.2.1
src/contrib/bind9/lib/bind/resolv/res_debug.c 1.1.1.3.2.1
src/contrib/bind9/lib/bind/resolv/res_mkquery.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/resolv/res_query.c 1.1.1.2.2.1
src/contrib/bind9/lib/bind/resolv/res_send.c 1.1.1.4.2.1
src/contrib/bind9/lib/bind9/api 1.1.1.5.2.2
src/contrib/bind9/lib/bind9/check.c 1.1.1.5.2.4
src/contrib/bind9/lib/dns/acache.c 1.1.1.1.2.1
src/contrib/bind9/lib/dns/adb.c 1.1.1.5.2.2
src/contrib/bind9/lib/dns/api 1.1.1.6.2.4
src/contrib/bind9/lib/dns/cache.c 1.1.1.4.2.1
src/contrib/bind9/lib/dns/dispatch.c 1.1.1.4.2.4
src/contrib/bind9/lib/dns/dst_parse.c 1.1.1.2.2.1
src/contrib/bind9/lib/dns/dst_parse.h 1.1.1.2.2.1
src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.3.2.4
src/contrib/bind9/lib/dns/journal.c 1.1.1.4.2.2
src/contrib/bind9/lib/dns/master.c 1.1.1.2.2.2
src/contrib/bind9/lib/dns/masterdump.c 1.1.1.3.2.1
src/contrib/bind9/lib/dns/message.c 1.1.1.4.2.2
src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.2
src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.2.1
src/contrib/bind9/lib/dns/rbt.c 1.1.1.4.2.1
src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.4.2.2
src/contrib/bind9/lib/dns/rdata/generic/nsec_47.c 1.1.1.2.2.1
src/contrib/bind9/lib/dns/rdata/generic/nsec_47.h 1.1.1.2.2.1
src/contrib/bind9/lib/dns/rdata/generic/txt_16.c 1.1.1.2.2.1
src/contrib/bind9/lib/dns/rdata/in_1/apl_42.c 1.1.1.2.2.1
src/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c 1.1.1.2.2.1
src/contrib/bind9/lib/dns/request.c 1.1.1.3.2.2
src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.4
src/contrib/bind9/lib/dns/rootns.c 1.1.1.2.2.2
src/contrib/bind9/lib/dns/sdb.c 1.1.1.2.2.2
src/contrib/bind9/lib/dns/tkey.c 1.1.1.4.2.1
src/contrib/bind9/lib/dns/tsig.c 1.1.1.4.2.2
src/contrib/bind9/lib/dns/validator.c 1.1.1.6.2.2
src/contrib/bind9/lib/dns/view.c 1.1.1.2.2.2
src/contrib/bind9/lib/dns/xfrin.c 1.1.1.5.2.3
src/contrib/bind9/lib/dns/zone.c 1.1.1.5.2.2
src/contrib/bind9/lib/isc/Makefile.in 1.1.1.2.2.2
src/contrib/bind9/lib/isc/api 1.1.1.5.2.3
src/contrib/bind9/lib/isc/assertions.c 1.1.1.2.2.1
src/contrib/bind9/lib/isc/include/isc/assertions.h 1.1.1.2.2.1
src/contrib/bind9/lib/isc/include/isc/lex.h 1.1.1.2.2.1
src/contrib/bind9/lib/isc/include/isc/mem.h 1.1.1.3.2.1
src/contrib/bind9/lib/isc/include/isc/msgs.h 1.1.1.2.2.1
src/contrib/bind9/lib/isc/include/isc/platform.h.in 1.1.1.2.2.2
src/contrib/bind9/lib/isc/include/isc/portset.h 1.1.2.1
src/contrib/bind9/lib/isc/include/isc/resource.h 1.1.1.2.2.2
src/contrib/bind9/lib/isc/include/isc/socket.h 1.1.1.2.2.2
src/contrib/bind9/lib/isc/include/isc/timer.h 1.1.1.3.2.2
src/contrib/bind9/lib/isc/include/isc/types.h 1.1.1.2.2.1
src/contrib/bind9/lib/isc/mem.c 1.1.1.3.2.2
src/contrib/bind9/lib/isc/portset.c 1.1.2.1
src/contrib/bind9/lib/isc/print.c 1.1.1.3.2.1
src/contrib/bind9/lib/isc/pthreads/mutex.c 1.1.1.3.2.1
src/contrib/bind9/lib/isc/timer.c 1.1.1.4.2.3
src/contrib/bind9/lib/isc/unix/app.c 1.1.1.2.2.2
src/contrib/bind9/lib/isc/unix/include/isc/net.h 1.1.1.2.2.1
src/contrib/bind9/lib/isc/unix/net.c 1.1.1.3.2.2
src/contrib/bind9/lib/isc/unix/resource.c 1.1.1.2.2.2
src/contrib/bind9/lib/isc/unix/socket.c 1.1.1.5.2.3
src/contrib/bind9/lib/isc/unix/socket_p.h 1.1.1.2.2.2
src/contrib/bind9/lib/isc/unix/time.c 1.1.1.2.2.1
src/contrib/bind9/lib/isccfg/api 1.1.1.4.2.3
src/contrib/bind9/lib/isccfg/namedconf.c 1.1.1.5.2.2
src/contrib/bind9/lib/lwres/api 1.1.1.5.2.2
src/contrib/bind9/make/rules.in 1.1.1.4.2.2
src/contrib/bind9/version 1.1.1.10.2.4
RELENG_7_1
src/UPDATING 1.507.2.13.2.5
src/sys/conf/newvers.sh 1.72.2.9.2.6
src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.6.1
src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.1.4.1
RELENG_7_0
src/UPDATING 1.507.2.3.2.13
src/sys/conf/newvers.sh 1.72.2.5.2.13
src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.4.1
src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.1.2.1
- -------------------------------------------------------------------------
Subversion:
Branch/path Revision
- -------------------------------------------------------------------------
stable/6/ r187002
releng/6.4/ r187194
releng/6.3/ r187194
stable/7/ r186997
releng/7.1/ r187194
releng/7.0/ r187194
- -------------------------------------------------------------------------
VII. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
http://security.FreeBSD.org/advisories/FreeBSD-SA-09:02.openssl.asc
https://www.isc.org/node/373
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-09:04.bind.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iD8DBQFJbRUmFdaIBMps37IRAonEAJsFQFtZGTz6tXFc5TSRMLhB1hxb6QCeI0Pd
ZFPKsX8/XspOTzRWA1h3QPk=
=dpqG
-----END PGP SIGNATURE-----
|
