Bug 771428 (CVE-2011-5056, CVE-2012-0024)
Summary: | CVE-2011-5056 CVE-2012-0024 maradns: hash table collisions CPU usage DoS | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | extras-orphan |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | maradns 1.3.07.13, maradns 1.4.09 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2013-08-02 15:58:05 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 771435, 771436 | | |
Bug Blocks: | 770929 | | |

Description
Vincent Danen
2012-01-03 18:04:45 UTC
Created maradns tracking bugs for this issue

Affects: fedora-all [bug 771435]
Affects: epel-5 [bug 771436]

This issue was assigned the name CVE-2012-0024.

This fix was provoked by oCERT-2011-003, but was not covered by oCERT-2011-003, hence removing oCERT advisory id from the bug summary.

MITRE has added a few CVEs here, so for completeness I'm noting all three CVEs as described by MITRE:

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-5055 to the following vulnerability:

Name: CVE-2011-5055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5055
Assigned: 20120107
Reference: http://openwall.com/lists/oss-security/2012/01/03/6
Reference: http://openwall.com/lists/oss-security/2012/01/03/13
Reference: http://samiam.org/blog/20111230.html
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=771428

MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024.

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-5056 to the following vulnerability:

Name: CVE-2011-5056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5056
Assigned: 20120107
Reference: http://samiam.org/blog/20111229.html

The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service (CPU consumption) via crafted records in zone files, a different vulnerability than CVE-2012-0024.

Common Vulnerabilities and Exposures assigned an identifier CVE-2012-0024 to the following vulnerability:

Name: CVE-2012-0024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0024
Assigned: 20111207
Reference: http://openwall.com/lists/oss-security/2012/01/03/6
Reference: http://openwall.com/lists/oss-security/2012/01/03/13
Reference: http://samiam.org/blog/20111229.html
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=771428

MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.

NOTE: as we have not shipped any incomplete fixes, the CVE-2011-5055 entry is here for reference; nothing we ship is actually vulnerable to it.

Current Fedora ships with 2.0.07 so is not vulnerable, however EPEL5 does still ship with a vulnerable version. The EPEL5 tracker will remain open until it is fixed.