Bug 769068 (CVE-2011-4528, CVE-2011-4869)

Summary: CVE-2011-4528 CVE-2011-4869 unbound 1.4.13 DNS Server multiple crashes
Product: [Other] Security Response
Reporter: Kurt Seifried <kseifried>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE
Severity: low
Priority: low
Version: unspecified
CC: pwouters
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2012-02-28 02:57:53 UTC

Description Kurt Seifried 2011-12-19 20:23:06 UTC
https://secunia.com/advisories/47220/

Description

Two vulnerabilities have been reported in Unbound, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) A memory allocation error when processing certain RRs (Resource Records) can be exploited to cause a crash by sending signed duplicate redirecting RRs.

2) An error when processing certain responses for NSEC3-signed zones can be exploited to e.g. cause an assertion error or crash by sending specially crafted responses.

The vulnerabilities are reported in versions prior to 1.4.14.

Solution
Update to version 1.4.13p2 and 1.4.14 or apply patches.

Provided and/or discovered by
Reported by the vendor.

Original Advisory
http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt

Comment 1 Vincent Danen 2011-12-20 15:48:50 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-4869 to
the following vulnerability:

Name: CVE-2011-4869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4869
Assigned: 20111220
Reference: http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt
Reference: http://www.kb.cert.org/vuls/id/209659

validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly
perform proof processing for NSEC3-signed zones, which allows remote
DNS servers to cause a denial of service (daemon crash) via a
malformed response that lacks expected NSEC3 records, a different
vulnerability than CVE-2011-4528.


Also note that unbound 1.4.14 is pending in Fedora and EPEL:  https://admin.fedoraproject.org/updates/search/CVE-2011-4528

Comment 2 Fedora Update System 2012-01-01 21:21:43 UTC
unbound-1.4.14-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 3 Fedora Update System 2012-01-01 21:23:31 UTC
unbound-1.4.14-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2012-01-05 20:33:01 UTC
unbound-1.4.14-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2012-01-05 20:33:27 UTC
unbound-1.4.14-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.