Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1108544 - (CVE-2014-3859) CVE-2014-3859 bind: assertion failure during EDNS option processing
CVE-2014-3859 bind: assertion failure during EDNS option processing
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20140611,repo...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2014-06-12 04:27 EDT by Murray McAllister
Modified: 2015-01-04 17:40 EST (History)
4 users (show)

See Also:
Fixed In Version: bind 9.10.0-P2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-12 04:35:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Murray McAllister 2014-06-12 04:27:25 EDT 
A flaw in the EDNS option processing could cause named to crash with an assertion failure when processing specially-crafted queries.

This issue only affected BIND versions 9.10.0 and 9.10.0-P1. This version is not shipped in any Red Hat products or in Fedora.

External References:

https://kb.isc.org/article/AA-01166
Comment 2 Murray McAllister 2014-06-12 04:30:52 EDT 
Statement:

Not vulnerable. This issue did not affect the versions of bind or bind97 as shipped with Red Hat Enterprise Linux 5, 6, and 7.
Comment 4 Murray McAllister 2014-06-12 04:34:45 EDT 
This issue (or some of it) was fixed with the following:

lib/dns/message.c
@@ -3359,6 +3360,8 @@
 				 * version
 				 */
 				ADD_STRING(target, "(\"");
+				if (isc_buffer_availablelength(target) < optlen)
+					return (ISC_R_NOSPACE);
 				for (i = 0; i < optlen; i++) {
 					if (isprint(optdata[i]))
 						isc_buffer_putmem(target,
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.