[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-security
Subject:    Re: FreeBSD Security Advisory FreeBSD-SA-12:05.bind
From:       Andrea Venturoli <ml () netfence ! it>
Date:       2012-08-07 6:15:54
Message-ID: 5020B29A.4010304 () netfence ! it
[Download RAW message or body]

On 08/07/12 00:12, FreeBSD Security Advisories wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =============================================================================
> FreeBSD-SA-12:05.bind                                       Security Advisory
>                                                            The FreeBSD Project
>
> Topic:          named(8) DNSSEC validation Denial of Service
>
> Category:       contrib
> Module:         bind
> Announced:      2012-08-06
> Credits:        Einar Lonn of IIS.se
> Affects:        All supported versions of FreeBSD
> Corrected:      2012-08-06 21:33:11 UTC (RELENG_7, 7.4-STABLE)
>                  2012-08-06 21:33:11 UTC (RELENG_7_4, 7.4-RELEASE-p10)
>                  2012-07-24 19:04:35 UTC (RELENG_8, 8.3-STABLE)
>                  2012-08-06 21:33:11 UTC (RELENG_8_3, 8.3-RELEASE-p4)
>                  2012-08-06 21:33:11 UTC (RELENG_8_2, 8.2-RELEASE-p10)
>                  2012-08-06 21:33:11 UTC (RELENG_8_1, 8.1-RELEASE-p13)
>                  2012-07-24 22:32:03 UTC (RELENG_9, 9.1-PRERELEASE)
>                  2012-08-06 21:33:11 UTC (RELENG_9_0, 9.0-RELEASE-p4)
> CVE Name:       CVE-2012-3817
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:http://security.FreeBSD.org/>.
>
> I.   Background
>
> BIND 9 is an implementation of the Domain Name System (DNS) protocols.
> The named(8) daemon is an Internet Domain Name Server.
>
> DNS Security Extensions (DNSSEC) provides data integrity, origin
> authentication and authenticated denial of existence to resolvers.

So, a system where "cat /etc/namedb/named.conf |grep -i dnssec" returns 
nothing should not be vulnerable.

Could you confirm this?

  bye & Thanks
	av.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic