Bug 1259087 (CVE-2015-5722)

Summary: CVE-2015-5722 bind: malformed DNSSEC key failed assertion denial of service
Product: [Other] Security Response Reporter: Kurt Seifried <kseifried>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: fweimer, jrusnack, kseifried, security-response-team, thozza, yohmura
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-09-03 04:59:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1259133, 1259134, 1259135, 1259136, 1259137, 1259138, 1259690, 1259691, 1300758, 1300760, 1300761    
Bug Blocks: 1259089, 1484522    
Attachments:
Description Flags
CVE-2015-5722.BIND-9.10.2.diff
none
CVE-2015-5722.BIND-9.9.7.diff none

Description Kurt Seifried 2015-09-01 23:58:43 UTC 
The following flaw, reported by ISC, was found in all versions of BIND 9 (9.0.0 through 9.8.8, 9.9.0 through 9.9.7-P2, and 9.10.0 through 9.10.2-P3):

Parsing a malformed DNSSEC key can cause a validating resolver to exit
due to a failed assertion in buffer.c. It is possible for a remote
attacker to deliberately trigger this condition, for example by using a
query which requires a response from a zone containing a deliberately
malformed key.

ISC would like to thank Hanno Böck from the Fuzzing Project for
discovering and reporting this defect. We would also like to express
our appreciation to the developers of the American Fuzzy Lop tool, which
has been instrumental in revealing recently-disclosed vulnerabilities in
BIND.

Acknowledgements:

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Hanno Böck as the original reporter.
Comment 1 Kurt Seifried 2015-09-02 00:00:53 UTC 
Created attachment 1069244 [details]
CVE-2015-5722.BIND-9.10.2.diff
Comment 2 Kurt Seifried 2015-09-02 00:01:34 UTC 
Created attachment 1069245 [details]
CVE-2015-5722.BIND-9.9.7.diff
Comment 7 Huzaifa S. Sidhpurwala 2015-09-03 01:22:48 UTC 
External References:

https://kb.isc.org/article/AA-01287/0
Comment 8 errata-xmlrpc 2015-09-03 02:52:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2015:1707 https://rhn.redhat.com/errata/RHSA-2015-1707.html
Comment 9 errata-xmlrpc 2015-09-03 02:52:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2015:1706 https://rhn.redhat.com/errata/RHSA-2015-1706.html
Comment 10 errata-xmlrpc 2015-09-03 04:38:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2015:1705 https://rhn.redhat.com/errata/RHSA-2015-1705.html
Comment 11 Tomáš Hozza 2015-09-03 09:15:36 UTC 
Do you plan to create bugs for Fedora, too?
Comment 12 Huzaifa S. Sidhpurwala 2015-09-03 11:21:56 UTC 
Created bind tracking bugs for this issue:

Affects: fedora-21 [bug 1259690]
Comment 13 Huzaifa S. Sidhpurwala 2015-09-03 11:22:00 UTC 
Created bind99 tracking bugs for this issue:

Affects: fedora-22 [bug 1259691]
Comment 14 Kurt Seifried 2015-09-03 14:21:43 UTC 
Closing the needinfo.
Comment 15 Fedora Update System 2015-09-06 01:09:34 UTC 
bind99-9.9.7-7.P3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 16 Fedora Update System 2015-09-06 17:04:41 UTC 
bind-9.10.3-0.1.rc1.fc23, bind-dyndb-ldap-8.0-3.fc23, dnsperf-2.0.0.0-18.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 17 Fedora Update System 2015-09-06 17:04:56 UTC 
bind99-9.9.7-7.P3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 18 Fedora Update System 2015-09-09 23:18:37 UTC 
bind-9.10.2-5.P4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 19 Fedora Update System 2015-09-24 08:26:22 UTC 
bind99-9.9.7-7.P3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 20 Fedora Update System 2015-10-04 23:20:50 UTC 
bind-9.9.6-11.P1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Comment 23 errata-xmlrpc 2016-01-28 13:28:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 AUS - Server Only
  Red Hat Enterprise Linux 6.4 AUS - Server Only

Via RHSA-2016:0078 https://rhn.redhat.com/errata/RHSA-2016-0078.html
Comment 24 errata-xmlrpc 2016-01-28 13:45:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 EUS - Server and Compute Node Only

Via RHSA-2016:0079 https://rhn.redhat.com/errata/RHSA-2016-0079.html