Bug 1193820 (CVE-2015-1349) - CVE-2015-1349 bind: issue in trust anchor management can cause named to crash
Summary: CVE-2015-1349 bind: issue in trust anchor management can cause named to crash
Status: CLOSED ERRATA
Alias: CVE-2015-1349
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20150220,repor...
Keywords: Security
Depends On: 1197618 1197619 1197620 1197621
Blocks: 1193821
TreeView+ depends on / blocked
 
Reported: 2015-02-18 10:31 UTC by Vasyl Kaigorodov
Modified: 2019-06-08 20:26 UTC (History)
10 users (show)

(edit)
A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon (named) to crash under certain conditions.
Clone Of:
(edit)
Last Closed: 2015-03-11 03:51:47 UTC


Attachments (Terms of Use)
bind9-patch-v9_10_1-CVE-2015-1349 (1.49 KB, text/plain)
2015-02-18 10:32 UTC, Vasyl Kaigorodov
no flags Details
bind9-patch-v9_9_6-CVE-2015-1349 (1.48 KB, text/plain)
2015-02-18 10:33 UTC, Vasyl Kaigorodov
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0672 normal SHIPPED_LIVE Moderate: bind security update 2015-03-11 05:58:18 UTC

Description Vasyl Kaigorodov 2015-02-18 10:31:54 UTC
It was reported that a problem with trust anchor management can cause named to crash, affecting BIND versions 9.7.0+.

ISC developers believe that it will be very difficult for this to be triggered in most cases, requiring DNSSEC validation amongst other factors.

ISC will not be producing patches specifically for BIND 9.8 or BIND 9.6-ESV, both of which are beyond their End of Life (EOL) and are no longer supported by ISC.

Patches that correct this issue for ISC BIND 9.10.1 and ISC BIND 9.9.6 are attached to this Bugzilla.

Comment 1 Vasyl Kaigorodov 2015-02-18 10:32:54 UTC
Created attachment 993044 [details]
bind9-patch-v9_10_1-CVE-2015-1349

Comment 2 Vasyl Kaigorodov 2015-02-18 10:33:11 UTC
Created attachment 993045 [details]
bind9-patch-v9_9_6-CVE-2015-1349

Comment 3 Vasyl Kaigorodov 2015-02-18 10:36:08 UTC
Acknowledgements:

Red Hat would like to thank ISC for reporting this issue.

Comment 4 Vasyl Kaigorodov 2015-02-20 13:16:58 UTC
Looking at bind9-patch-v9_9_6-CVE-2015-1349, and at RHEL code, it appear that RHEL 5 (bind-9.3.6-P1) is not affected by this (does not contain affected code), and both RHEL-6 (bind-9.8.2rc1) and RHEL-7 (bind-9.9.4) are affected by this issue.

Comment 5 Vasyl Kaigorodov 2015-02-20 13:43:57 UTC
There is also bind97 component in RHEL-5 which, according to upstream, is also affected.

Comment 7 Tomáš Hozza 🤓 2015-02-24 08:27:47 UTC
setting NEEDINFO due to comment #6

Comment 12 Fedora Update System 2015-03-05 12:38:42 UTC
bind-9.9.6-8.P1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2015-03-05 12:38:48 UTC
bind-9.9.4-18.P2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 errata-xmlrpc 2015-03-11 01:58:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2015:0672 https://rhn.redhat.com/errata/RHSA-2015-0672.html

Comment 19 Fabio Olive Leite 2015-03-26 20:00:26 UTC
Statement:

Red Hat Enterprise Linux 5 ships with both bind (9.3) packages which are not affected by this issue, and bind97 packages, which are affected by this issue.
Red Hat Enterprise Linux 5 is now in Production Phase 3 of the support and maintenance life cycle. This issue is not currently planned to be addressed in future bind97 updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.


Note You need to log in before you can comment on or make changes to this bug.