ID

VAR-201303-0312

CVE

CVE-2013-2266

TITLE

UNIX On the platform ISC BIND Service disruption in ( Memory consumption ) Vulnerabilities

DESCRIPTION

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. ISC BIND is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. The following are affected: ISC BIND 9.7.x ISC BIND 9.8.0 through versions 9.8.5-b1 ISC BIND 9.9.0 through versions 9.9.3-b1. Release Date: 2013-04-30 Last Updated: 2013-04-30 Potential Security Impact: Remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). HP-UX B.11.31 running BIND 9.7.3 prior to C.9.7.3.2.0 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-2266 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided an updated version of the BIND service to resolve this vulnerability. This early release depot will be replaced by the June 2013 Web Upgrade, which is functionally identical. This update is available from the following location ftp://srt01148:te_UH7ei@ftp.usa.hp.com BIND 9.7.3 for HP-UX Release Depot Name B.11.31 (PA and IA) bind973.depot MANUAL ACTIONS: Yes - Update Download and install the software update PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS For BIND 9.7.3 HP-UX B.11.31 ================== NameService.BIND-AUX NameService.BIND-RUN action: install revision C.9.7.3.2.0 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 30 April 2013 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ patches/packages/dhcp-4.2.5_P1-i486-1_slack14.0.txz: Upgraded. This update replaces the included BIND 9 code that the DHCP programs link against. Those contained a defect that could possibly lead to excessive memory consumption and a denial of service. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/dhcp-4.2.5_P1-i486-1_slack12.1.tgz Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/dhcp-4.2.5_P1-i486-1_slack12.2.tgz Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/dhcp-4.2.5_P1-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/dhcp-4.2.5_P1-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/dhcp-4.2.5_P1-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/dhcp-4.2.5_P1-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/dhcp-4.2.5_P1-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/dhcp-4.2.5_P1-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/dhcp-4.2.5_P1-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/dhcp-4.2.5_P1-x86_64-1_slack14.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dhcp-4.2.5_P1-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dhcp-4.2.5_P1-x86_64-1.txz MD5 signatures: +-------------+ Slackware 12.1 package: c277d6dae778ddf859d3af9584cee23e dhcp-4.2.5_P1-i486-1_slack12.1.tgz Slackware 12.2 package: 15d244081a57135dfa61b8454209d296 dhcp-4.2.5_P1-i486-1_slack12.2.tgz Slackware 13.0 package: df6a3c2e39397f80e03a6b4b112bbf25 dhcp-4.2.5_P1-i486-1_slack13.0.txz Slackware x86_64 13.0 package: dbbdc76cc2bf5054ce15c036f3f4a21f dhcp-4.2.5_P1-x86_64-1_slack13.0.txz Slackware 13.1 package: 77f1881425fbce4922256b9c2d973f80 dhcp-4.2.5_P1-i486-1_slack13.1.txz Slackware x86_64 13.1 package: ce4486703ec878a8cf3cd1e6791e61be dhcp-4.2.5_P1-x86_64-1_slack13.1.txz Slackware 13.37 package: 01a8dde3c944beb5050d0ae6cde11bff dhcp-4.2.5_P1-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 4f74f10dbb95e30b4470cefa66eff96a dhcp-4.2.5_P1-x86_64-1_slack13.37.txz Slackware 14.0 package: aa2d3985c9ea6ebc6882c96383d62e35 dhcp-4.2.5_P1-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 7f75298567f9d6ee252af1389ae9852a dhcp-4.2.5_P1-x86_64-1_slack14.0.txz Slackware -current package: e92641fe8649aa6d122b72e666e7420b n/dhcp-4.2.5_P1-i486-1.txz Slackware x86_64 -current package: 2e46a3038527318b06271e11e763dbb9 n/dhcp-4.2.5_P1-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg dhcp-4.2.5_P1-i486-1_slack14.0.txz Then, restart the dhcp daemon. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security and bug fix update Advisory ID: RHSA-2013:0689-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0689.html Issue date: 2013-03-28 CVE Names: CVE-2013-2266 ===================================================================== 1. Summary: Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. (CVE-2013-2266) Note: This update disables the syntax checking of NAPTR (Naming Authority Pointer) resource records. This update also fixes the following bug: * Previously, rebuilding the bind-dyndb-ldap source RPM failed with a "/usr/include/dns/view.h:76:21: error: dns/rrl.h: No such file or directory" error. (BZ#928439) All bind users are advised to upgrade to these updated packages, which contain patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 928027 - CVE-2013-2266 bind: libdns regular expressions excessive resource consumption DoS 928439 - building bind-dyndb-ldap error: dns/rrl.h: No such file or directory 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm i386: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm i386: bind-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm x86_64: bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm x86_64: bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm i386: bind-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm ppc64: bind-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.ppc.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm s390x: bind-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.s390.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.s390x.rpm x86_64: bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm i386: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm ppc64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.ppc.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.s390.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm i386: bind-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm x86_64: bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm i386: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-2266.html https://access.redhat.com/security/updates/classification/#important http://www.isc.org/software/bind/advisories/cve-2013-2266 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRVMLdXlSAg2UNWIIRAsZfAKCyin6VjKh+MJwZjqJ0tn2+ayZTygCdEwWJ SMtY22xlYL6dxJ9RgKwa9Q0= =/8r6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Affects: FreeBSD 8.4-BETA1 and FreeBSD 9.x Corrected: 2013-03-28 05:35:46 UTC (stable/8, 8.4-BETA1) 2013-03-28 05:39:45 UTC (stable/9, 9.1-STABLE) 2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7) 2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2) CVE Name: CVE-2013-2266 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. The libdns library is a library of DNS protocol support functions. II. This affects both recursive and authoritative servers. III. Impact A remote attacker can cause the named(8) daemon to consume all available memory and crash, resulting in a denial of service. Applications linked with the libdns library, for instance dig(1), may also be affected. IV. Workaround No workaround is available, but systems not running named(8) service and not using base system DNS utilities are not affected. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch # fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch.asc # gpg --verify bind.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r248807 stable/9/ r248808 releng/9.0/ r249029 releng/9.1/ r249029 - ------------------------------------------------------------------------- VII. ============================================================================ Ubuntu Security Notice USN-1783-1 March 29, 2013 bind9 vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: Bind could be made to consume memory or crash if it received specially crafted network traffic. Software Description: - bind9: Internet Domain Name Server Details: Matthew Horsfall discovered that Bind incorrectly handled regular expression checking. This issue was corrected by disabling RDATA regular expression syntax checking. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: bind9 1:9.8.1.dfsg.P1-4.2ubuntu3.2 libdns81 1:9.8.1.dfsg.P1-4.2ubuntu3.2 Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.6 libdns81 1:9.8.1.dfsg.P1-4ubuntu0.6 Ubuntu 11.10: bind9 1:9.7.3.dfsg-1ubuntu4.6 libdns69 1:9.7.3.dfsg-1ubuntu4.6 Ubuntu 10.04 LTS: bind9 1:9.7.0.dfsg.P1-1ubuntu0.9 libdns64 1:9.7.0.dfsg.P1-1ubuntu0.9 In general, a standard system update will make all the necessary changes. (Windows versions are not affected. This condition can crash BIND 9 and will likely severely affect operation of other programs running on the same machine. Please Note: Versions of BIND 9.7 are beyond their "end of life" (EOL) and no longer receive testing or security fixes from ISC. However, the re-compilation method described in the "Workarounds" section of this document will prevent exploitation in BIND 9.7 as well as in currently supported versions. For current information on which versions are actively supported, please see http://www.isc.org/software/bind/versions. Additional information is available in the CVE-2013-2266 FAQ and Supplemental Information article in the ISC Knowledge base, https://kb.isc.org/article/AA-00879. Additionally, other services which run on the same physical machine as an affected BIND server could be compromised as well through exhaustion of system memory. Programs using the libdns library from affected versions of BIND are also potentially vulnerable to exploitation of this bug if they can be forced to accept input which triggers the condition. Tools which are linked against libdns (e.g. dig) should also be rebuilt or upgraded, even if named is not being used. CVSS Score: 7.8 CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C) For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C) Workarounds: Patched versions are available (see the "Solutions:" section below) or operators can prevent exploitation of this bug in any affected version of BIND 9 by compiling without regular expression support. Compilation without regular expression support: BIND 9.7 (all versions), BIND 9.8 (9.8.0 through 9.8.5b1), and BIND 9.9 (9.9.0 through 9.9.3b1) can be rendered completely safe from this bug by re-compiling the source with regular expression support disabled. In order to disable inclusion of regular expression support: After configuring BIND features as desired using the configure script in the top level source directory, manually edit the "config.h" header file that was produced by the configure script. Locate the line that reads "#define HAVE_REGEX_H 1" and replace the contents of that line with "#undef HAVE_REGEX_H". Run "make clean" to remove any previously compiled object files from the BIND 9 source directory, then proceed to make and install BIND normally. Active exploits: No known active exploits. Solution: Compile BIND 9 without regular expression support as described in the "Workarounds" section of this advisory or upgrade to the patched release most closely related to your current version of BIND. These can be downloaded from http://www.isc.org/downloads/all. for discovering this bug and bringing it to our attention. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: BIND: Denial of Service Date: January 29, 2014 Bugs: #437828, #446094, #453974, #463497, #478316, #483208, #498016 ID: 201401-34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in BIND, possibly resulting in Denial of Service. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-dns/bind < 9.9.4_p2 >= 9.9.4_p2 Description =========== Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All BIND users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.9.4_p2" References ========== [ 1 ] CVE-2012-5166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5166 [ 2 ] CVE-2012-5688 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5688 [ 3 ] CVE-2012-5689 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5689 [ 4 ] CVE-2013-2266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2266 [ 5 ] CVE-2013-3919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3919 [ 6 ] CVE-2013-4854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4854 [ 7 ] CVE-2014-0591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0591 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-34.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

network

TYPE

Failure to Handle Exceptional Conditions

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Matthew Horsfall of Dyn, Inc.

SOURCES

LAST UPDATE DATE

2025-05-02T20:29:01.924000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE