Contributed by ray on from the CYA-again dept.
Start patching again!

Some exploitable logic errors have been found in the bind nameserver's use of OpenSSL DSA verification functions. These errors may permit an attacker to bypass validation of DSA DNSSEC signatures.
This vulnerability has been designated CVE-2009-0025. More information is available from the ISC at:
https://www.isc.org/node/373

Source code patches are available for OpenBSD 4.3 and 4.4. -current has had an identical fix applied.

Patch for OpenBSD 4.3:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/008_bind.patch

Patch for OpenBSD 4.4:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/008_bind.patch

These patches are also available in the OPENBSD_4_3 and OPENBSD_4_4 stable CVS branches.
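
OpenSSL's DSA_do_verify() returns 1 for a valid signature, 0 for an invalid one and -1 on error, so a caller that treats only 0 as failure accepts the error case. The sketch below is an added example of that kind of return-value logic error next to the strict check; it is not BIND or OpenSSL source, and model_sum, model_verify, accept_flawed and accept_strict are hypothetical names built around a toy checksum rather than real DSA.

```c
#include <stddef.h>
#include <string.h>

#define SIG_LEN 8

/* Toy checksum standing in for a signature (hypothetical, NOT cryptography). */
static void model_sum(const unsigned char *msg, size_t len,
                      unsigned char out[SIG_LEN])
{
    size_t i;

    memset(out, 0, SIG_LEN);
    for (i = 0; i < len; i++)
        out[i % SIG_LEN] ^= (unsigned char)(msg[i] + i);
}

/* Stand-in verifier that keeps the tri-state convention of DSA_do_verify():
 * 1 = valid, 0 = invalid, -1 = error (here: signature has the wrong length). */
static int model_verify(const unsigned char *msg, size_t len,
                        const unsigned char *sig, size_t sig_len)
{
    unsigned char expect[SIG_LEN];

    if (sig == NULL || sig_len != SIG_LEN)
        return -1;                      /* error path, not "invalid" */
    model_sum(msg, len, expect);
    return memcmp(expect, sig, SIG_LEN) == 0 ? 1 : 0;
}

/* Flawed caller: only 0 is treated as failure, so -1 falls through. */
int accept_flawed(const unsigned char *msg, size_t len,
                  const unsigned char *sig, size_t sig_len)
{
    if (model_verify(msg, len, sig, sig_len) == 0)
        return 0;                       /* rejected */
    return 1;                           /* accepted, error case included */
}

/* Strict caller: anything other than exactly 1 is a rejection. */
int accept_strict(const unsigned char *msg, size_t len,
                  const unsigned char *sig, size_t sig_len)
{
    return model_verify(msg, len, sig, sig_len) == 1;
}
```

When auditing other callers of tri-state verification functions, look for `!ret`, `ret == 0` or `ret != 0` tests on the result; the only safe comparison is against 1.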
By Anonymous Coward (87.178.154.235) on
By Steve Shockley (68.83.96.160) on
By tedu (udet) on
Yes, not sure why the first paragraph was snipped.
"Some exploitable logic errors have been found in the bind nameserver's
use of OpenSSL DSA verification functions. These errors may permit an
attacker to bypass validation of DSA DNSSEC signatures."
By Ray Lai (ray) on http://cyth.net/~ray/