Number: 157548
Category: misc
Synopsis: [vuxml] BIND CVE-2011-1910
Confidential: no
Severity: non-critical
Priority: medium
Responsible:freebsd-bugs
State: open
Quarter:
Keywords:
Date-Required:
Class: change-request
Submitter-Id: current-users
Arrival-Date: Thu Jun 02 23:50:05 UTC 2011
Closed-Date:
Last-Modified:
Originator: Ryan Steinmetz
Release:8.2-RELEASE
Organization:
Rochester Institute of Technology
Environment:
Description:
CVE-2011-1910
http://www.isc.org/software/bind/advisories/cve-2011-1910
http://security.freebsd.org/advisories/FreeBSD-SA-11:02.bind.asc
How-To-Repeat:
Fix:
Patch attached with submission follows:
--- /tmp/vuln.xml 2011-06-02 16:50:35.0 -0400
+++ vuln.xml2011-06-02 19:43:37.0 -0400
@@ -34,6 +34,53 @@
--
vuxml xmlns=http://www.vuxml.org/apps/vuxml-1;
+ vuln vid=1e1421f0-8d6f-11e0-89b4-001ec9578670
+topicBIND -- Large RRSIG RRsets and Negative Caching DoS/topic
+affects
+ package
+ namebind9-sdb-ldap/name
+ namebind9-sdb-postgresql/name
+ rangelt9.4.3.4/lt/range
+ /package
+ package
+ namebind96/name
+ rangelt9.6.3.1.ESV.R4.1/lt/range
+ /package
+ package
+ namebind97/name
+ rangelt9.7.3.1/lt/range
+ /package
+ package
+ namebind98/name
+ rangelt9.8.0.2/lt/range
+ /package
+ system
+nameFreeBSD/name
+rangegt7.3/gtlt7.3_6/lt/range
+rangegt7.4/gtlt7.4_2/lt/range
+rangegt8.1/gtlt8.1_4/lt/range
+rangegt8.2/gtlt8.2_2/lt/range
+ /system
+/affects
+description
+ body xmlns=http://www.w3.org/1999/xhtml;
+ pISC reports:/p
+ blockquote
cite=http://www.isc.org/software/bind/advisories/cve-2011-1910;
+ pA BIND 9 DNS server set up to be a caching resolver is vulnerable
to a user querying a domain with very large resource record sets (RRSets) when
trying to negatively cache a response. This can cause the BIND 9 DNS server
(named process) to crash./p
+ /blockquote
+ /body
+/description
+references
+ cvenameCVE-2011-1910/cvename
+ freebsdsaSA-11:02.bind/freebsdsa
+ urlhttp://www.isc.org/software/bind/advisories/cve-2011-1910/url
+/references
+dates
+ discovery2011-06-26/discovery
+ entry2011-06-02/entry
+/dates
+ /vuln
+
vuln vid=34ce5817-8d56-11e0-b5a2-6c626dd55a41
topicasterisk -- Remote crash vulnerability/topic
affects
Release-Note:
Audit-Trail:
Unformatted:
___
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to freebsd-bugs-unsubscr...@freebsd.org
