EVP_VerifyFinal() and DSA_do_verify() return checks
Note: the 28 July 2009 DDNS DoS attack vulnerability announcement is here. Some emails were sent with an incorrect URL reference. We apologize for the confusion.
OpenSSL security advisory CVE-2008-5077 may affect BIND users. The OpenSSL advisory says:
Several functions inside OpenSSL incorrectly checked the result after calling the
EVP_VerifyFinalfunction, allowing a malformed signature to be treated as a good signature rather than as an error. This issue affected the signature checks on DSA and ECDSA keys used with SSL/TLS.
It is theoretically possible to spoof answers returned from zones whose DNSKEY algorithms are affected by that OpenSSL issue.
BIND 9.3, 9.4, 9.5 and 9.6:
Disable the affected algorithms in named.conf. This will cause answers from zones signed only with DSA (3) and/or NSEC3DSA (6) to be treated as insecure.
BIND 9.3, 9.4, 9.5:
disable-algorithms . { DSA; };
BIND 9.6:
disable-algorithms . { DSA; NSEC3DSA; };
Upgrade OpenSSL to at least OpenSSL 0.9.8j, then upgrade BIND to 9.3.6-P1, 9.4.3-P1, 9.5.1-P1, 9.6.0-P1, which use the updated OpenSSL interface correctly.
There are no fixes planned for BIND 9.1 or BIND 9.2, as those releases do not implement the current DNSSEC protocol.
Questions should be addressed to bind9-bugs@isc.org.
Also see CVE-2008-5077 for the corresponding OpenSSL issue
Acknowledgement:
Google Security Team.
Revision History:
2009-01-05 Initial pre-release text
2009-01-07 Public release with corrected CVE
2009-01-23 Solution revised
