Bug 679496 (CVE-2011-0414)

Summary: CVE-2011-0414 bind: named lockup with IXFR or DDNS update and a high query rate
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: atkac, bressers, wnefal+redhatbugzilla
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-07-13 10:06:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 679560    
Bug Blocks:    

Description Vincent Danen 2011-02-22 18:09:27 UTC
It was reported [1] that when the BIND authoritative name server daemon (named) processed a successful IXFR transfer or a dynamic update, there was a small period of time during which the IXFR/update, along with a query, could cause the server to stop processing all requests.  A higher update and/or query rate would increase the probability of the deadlock occurring.

This flaw only affects BIND 9.7.1 and 9.7.2; upstream has released 9.7.3 to
correct this flaw.  Upstream also documents that using the "-n1" option to
cause named to use only one worker thread would mitigate this problem.

[1] https://www.isc.org/software/bind/advisories/cve-2011-0414

Comment 1 Vincent Danen 2011-02-22 20:46:43 UTC
Upstream verified to me that this was introduced in 9.7.1, so bind in RHEL6 is not vulnerable.

The fix is also noted as:

Corrected a defect where a combination of dynamic updates and zone transfers incorrectly locked the in-memory zone database, causing named to  freeze. [RT #22614]

in http://ftp.isc.org/isc/bind9/9.7.3/RELEASE-NOTES-BIND-9.7.3.html

9.7.3 is currently in Fedora 13 and 14 testing repositories.

Comment 2 Vincent Danen 2011-02-22 20:47:33 UTC

Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 4, 5, or 6.