Bug 1259085 (CVE-2015-5986)

Summary: CVE-2015-5986 Bind: fromwire_openpgpkey() incorrect boundary check Denial of Service
Product: [Other] Security Response
Reporter: Kurt Seifried <kseifried>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: unspecified
CC: fweimer, security-response-team
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Doc Text: A boundary check flaw was found in the way BIND parsed answers in certain DNS queries. A remote attacker able to provide a specially crafted response in an answer to a query could cause named functioning as a recursive resolver to crash.
Last Closed: 2015-09-03 04:59:33 UTC
Bug Depends On: 1259563
Bug Blocks: 1259089
Attachments:
CVE-2015-5986.BIND.9.10.2.diff
CVE-2015-5986.BIND-9.9.7.diff

Description Kurt Seifried 2015-09-01 23:40:48 UTC
The following flaw, reported by ISC, was found in recent versions of BIND 9 (9.9.7 through 9.9.7-P2, and 9.10.2 through 9.10.2-P3):

An incorrect boundary check in openpgpkey_61.c can cause named to
terminate due to a REQUIRE assertion failure. This defect can be
deliberately exploited by an attacker who can provide a maliciously
constructed response in answer to a query.

Acknowledgements:

Red Hat would like to thank ISC for reporting this issue.

Comment 1 Kurt Seifried 2015-09-01 23:41:49 UTC
Created attachment 1069242
CVE-2015-5986.BIND.9.10.2.diff

Comment 2 Kurt Seifried 2015-09-01 23:42:14 UTC
Created attachment 1069243
CVE-2015-5986.BIND-9.9.7.diff

Comment 3 Kurt Seifried 2015-09-02 04:03:23 UTC
Statement:

This issue did not affect the versions of BIND as shipped with Red Hat Enterprise Linux 4, 5, 6 and 7 as they did not include support for fromwire_openpgpkey().

Comment 5 Huzaifa S. Sidhpurwala 2015-09-03 01:22:11 UTC
External References:

https://kb.isc.org/article/AA-01291/0

Comment 6 Huzaifa S. Sidhpurwala 2015-09-03 04:54:45 UTC
Created bind99 tracking bugs for this issue:

Affects: fedora-22 [bug 1259563]

Comment 7 Fedora Update System 2015-09-06 01:09:30 UTC
bind99-9.9.7-7.P3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2015-09-06 17:04:53 UTC
bind99-9.9.7-7.P3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2015-09-24 08:26:17 UTC
bind99-9.9.7-7.P3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.