I cam across this somewhere and it seems to be an issue with all binds. This might be worth a GLSA. Reproducible: Always Actual Results: Several fixes are on the site.
SANS blog Entry: http://isc.sans.edu/diary.html?n&storyid=12049 The DSA tracker: http://security-tracker.debian.org/tracker/source-package/bind CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
DSA, only delivers an list of old items sorry.
FYI, the company I work for was hit by this in a malicious attack. It's a DOS attack that causes named to crash and core dump.
This sounds rather serious, according to upstream, fixes are in 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1 (and current stable in portage 9.7.3 is not mentioned, so maybe it's unsupported upstream).
I can confirm this, only last of each minor is supported, therefore we need to have at least 9.8.1-P1 and 9.7.4-P1 and one of them being stable
(In reply to comment #4) > This sounds rather serious, according to upstream, fixes are in 9.8.1-P1, > 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1 (and current stable in portage 9.7.3 is > not mentioned, so maybe it's unsupported upstream). Exactly. So while we're on it, it would be cool if we could stabilize both versions otherwise at least 9.7.4_p1. Both bumps are in gentoo-x86 now and will be on the mirrors soonish.
LWN just ran an article saying that this vulnerability is out in the wild and being actively exploited and that many servers are experiencing DoS as a result. Other distros are already posting notices. http://lwn.net/Articles/467779/#Comments
Personaly i disagree with minor, as it is a core function of todays internet. There is at least some urgency associated with this incident.
new server (9.7.4_p1) is now running. Minor difference, 9.7.3_p3 started althoug a log file could not be created, 9.7.4_p1 doesn't start when this happens, not a big deal.
Arches, please test and mark stable: =net-dns/bind-9.7.4_p1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Amd64: works for me.
amd64 ok, looks perfect on a server.
x86 stable
Stable for HPPA.
alpha/arm/ia64/s390/sh/sparc stable
+ 28 Nov 2011; Tony Vroon <chainsaw@gentoo.org> bind-9.7.4_p1.ebuild: + Marked stable on AMD64 based on arch testing by Tomáš "Mepho" Pružina & + Agostino "ago" Sarubbo in security bug #390753.
CVE-2011-4313 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4313): query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
ppc/ppc64 done
Thanks, folks. GLSA Vote: yes.
Vote: Yes. GLSA request filed.
This issue was resolved and addressed in GLSA 201206-01 at http://security.gentoo.org/glsa/glsa-201206-01.xml by GLSA coordinator Stefan Behte (craig).
