Bug 999170

Summary: bind: vulnerability in the SRTT algorithm
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jkurik, thozza, vonsch
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-10 21:08:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 999171    

Description Vincent Danen 2013-08-20 20:55:11 UTC 
A deficiency in the SRTT (Smoothed Round Trip Time) algorithm in BIND9 was reported that could theoretically allow an attacker to lower the SRTT value that a recursive resolver has associated with an authoritative server.  This could allow the attacker to influence the selection of a specific authoritative server from an NS resource record set with multiple values and thus determine which of multiple authoritative servers for a domain will be queried.

ISC has indicated that they intend to address this deficiency by reimplementing the SRTT algorithm in a future maintenance release of BIND9.  They also note that "the deficiency in the SRTT algorithm is not considered an exploitable security vulnerability on its own".


External References:

https://kb.isc.org/article/AA-01030/169/Operational-Notification-A-Vulnerability-in-the-SRTT-Algorithm-affects-BIND-9-Authoritative-Server-Selection.html
Comment 2 Huzaifa S. Sidhpurwala 2013-08-28 09:13:25 UTC 
Statement:

This issue affects the version of bind shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of bind97 shipped with Red Hat Enterprise Linux 5. Upstream has indicated that they intend to address this deficiency by reimplementing the SRTT algorithm in a future maintenance release of BIND9.