| Summary: | net-dns/bind 9.3.0 CAN-2005-034 DoS with dnssec | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | gurligebis, jforman, johnm, robbat2, simons, stuart |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | All | ||
| URL: | http://www.uniras.gov.uk/niscc/docs/al-20050125-00060.html?lang=en | ||
| Whiteboard: | -3 [noglsa] jaervosz | ||
| Package list: | Runtime testing required: | --- | |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-01-14 09:25:31 UTC
vulteam@niscc.gov.uk contacted and replied that more info should be available on Monday. Selected parts of the NISCC mail follow:

Draft NISCC Vulnerability Advisory 731920/NISCC/BIND9

Vulnerability Issues with the BIND 9 Software

Severity
--------
This is rated as low, although if exploited this could potentially result in a denial-of-service.

Summary
-------
A weakness in the self-check function of BIND 9 has been discovered by the Internet Systems Consortium, Inc. (ISC). ISC have solutions available that can rectify these issues, please refer to the 'Solution' section for further information.

Details
-------
CVE ID: CAN-2005-034

An incorrect assumption in the validator can result in an internal consistency test failing and this can cause named to terminate abnormally.

Mitigation
----------
ISC have recommended the following work-around:

- Disable dnssec validation (off by default) at the Options/View level

Solution
--------
ISC have released an updated version of BIND to rectify this issue:

- BIND 9.3.1

This is available from the ISC website at http://www.isc.org/sw/bind/.

Credits
-------
The NISCC Vulnerability Team would like to thank ISC for reporting this issue to NISCC and for their assistance in the handling of this vulnerability.

Contact Information
-------------------
The NISCC Vulnerability Management Team can be contacted as follows:

Email vulteam@niscc.gov.uk
Please quote the advisory reference in the subject line

We encourage those who wish to communicate via email to make use of our PGP key. This is available from http://www.niscc.gov.uk/niscc/publicKey2-en.pop.

C 2005 Crown Copyright

Jeffrey you're still the only daddy in metadata from a few hours ago. A security update to 9.3.1 (9.2.x is unaffected) is needed later today so you better sort out who is going to take care of that.

This one is public now. Jeffrey please bump.

CC'ing potential daddies. Someone please bump.

*** Bug 79688 has been marked as a duplicate of this bug. ***

Security: bind-9.3.0_rc2.ebuild is KEYWORDS="-x86 -ppc -sparc -alpha -hppa -amd64 -ia64". 9.3.1 is available only as beta2 at the moment (which I'm working on putting into the tree with the same keywords as above).

Thx Robin. Bind 9.3.1_beta2 in the tree now. Closing without GLSA.

Since 9.3.1 final has been released, why isn't there an ebuild yet? btw. there is a new release of dhcpd too.
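
To apply the advisory's work-around, an administrator first has to find every options or view block where DNSSEC has been switched on. The following is an added example, not part of the bug report or of ISC's advisory: it assumes the setting in question is BIND 9.3's `dnssec-enable` option, uses a constructed sample configuration, and does not follow `include` files.

```python
import re

# Constructed sample named.conf (not from the bug report).
SAMPLE_CONF = """
options {
    directory "/var/bind";   // dnssec-enable no; (commented out, ignored)
    dnssec-enable yes;
};
view "internal" {
    /* dnssec-enable yes; */
    dnssec-enable no;
    zone "example.test" { type master; file "pri/example.test.zone"; };
};
view "external" { dnssec-enable yes; };
"""

STRING = r'"(?:\\.|[^"\\])*"'

def tokenize(text):
    """Drop /* */, // and # comments (outside strings), then split into tokens."""
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    text = re.sub(STRING + r"|/\*.*?\*/|//[^\n]*|#[^\n]*", keep_strings, text, flags=re.S)
    return re.findall(STRING + r'|[{};]|[^\s{};"]+', text)

def dnssec_scopes(conf_text):
    """Map each options/view block to the dnssec-enable value set directly in it."""
    found, stack, stmt = {}, [], []
    for tok in tokenize(conf_text):
        if tok == "{":
            # Name the block after the statement that opened it; other blocks get None.
            if stmt[:1] == ["options"]:
                stack.append("options")
            elif stmt[:1] == ["view"] and len(stmt) > 1:
                stack.append("view " + stmt[1].strip('"'))
            else:
                stack.append(None)
            stmt = []
        elif tok == "}":
            if stack:
                stack.pop()
            stmt = []
        elif tok == ";":
            if len(stmt) == 2 and stmt[0] == "dnssec-enable" and len(stack) == 1 and stack[0]:
                found[stack[0]] = stmt[1].lower()
            stmt = []
        else:
            stmt.append(tok)
    return found

def needs_workaround(conf_text):
    """Blocks where DNSSEC is switched on, i.e. where the work-around applies."""
    return sorted(s for s, v in dnssec_scopes(conf_text).items() if v in ("yes", "true", "1"))
```

A configuration that never sets the option is reported as clean, matching the advisory's note that validation is off by default.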