Bug 856754 (CVE-2012-4244)

Summary: CVE-2012-4244 bind: specially crafted resource record causes named to exit
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: atkac, ian.bobbitt, raina, roomojee, thozza, timm2k, tkubota, yamato, yohmura, zzhou
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=important,public=20120912,reported=20120912,source=internet,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-3/bind=affected,rhel-4/bind=affected,rhel-5/bind=affected,rhel-5/bind97=affected,rhel-6/bind=affected,fedora-all/bind=affected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-09-15 12:31:22 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On: 856756, 856904, 856905, 856906, 856907, 856908, 856909, 859916    
Bug Blocks: 856774    
Attachments:
Description Flags
diff of bind-9.6-ESV-R7-P2 to P3 none

Description Vincent Danen 2012-09-12 14:11:16 EDT
A flaw in ISC BIND was reported [1] where a nameserver could be caused to exit with a REQUIRE exception if it received a specially crafted resource record with RDATA that exceeded 65535 bytes and then received a subsequent query for that record.  This can be exploited remotely against recursive servers by getting them to query for records provided by an authoritative server.  It also affects authoritative servers if a zone containing this kind of resource record is loaded from a file on disk or via a zone transfer.

[1] https://kb.isc.org/article/AA-00778/74
Comment 1 Vincent Danen 2012-09-12 14:15:12 EDT
Created attachment 612201 [details]
diff of bind-9.6-ESV-R7-P2 to P3

       --- 9.6-ESV-R7-P3 released ---

3364.  [security]      Named could die on specially crafted record.
                       [RT #30416]

3358   [bug]           Fix declaration of fatal in bin/named/server.c
                       and bin/nsupdate/main.c. [RT #30522]


(I didn't pull out the irrelevant changes as I suspect they may be used by the pertinent changes)
Comment 2 Vincent Danen 2012-09-12 14:16:19 EDT
Created bind tracking bugs for this issue

Affects: fedora-all [bug 856756]
Comment 7 errata-xmlrpc 2012-09-14 05:32:37 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1268 https://rhn.redhat.com/errata/RHSA-2012-1268.html
Comment 8 errata-xmlrpc 2012-09-14 05:32:45 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:1267 https://rhn.redhat.com/errata/RHSA-2012-1267.html
Comment 9 errata-xmlrpc 2012-09-14 05:33:29 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:1266 https://rhn.redhat.com/errata/RHSA-2012-1266.html
Comment 18 Fedora Update System 2012-09-22 23:28:37 EDT
bind-9.9.1-9.P3.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 19 Fedora Update System 2012-09-23 00:55:46 EDT
bind-9.9.1-10.P3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 23 Fedora Update System 2012-09-27 00:32:50 EDT
bind-9.8.3-4.P3.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 24 errata-xmlrpc 2012-10-12 15:43:43 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4 Extended Lifecycle Support

Via RHSA-2012:1365 https://rhn.redhat.com/errata/RHSA-2012-1365.html