The following flaw, reported by ISC, was found in all versions of BIND 9 (from, and including, 9.1.0): An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit. Both recursive and authoritative servers are vulnerable to this defect. Additionally, exposure is not prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries. This flaw is fixed in upstream versions 9.9.7-P2 and 9.10.2-P3. Acknowledgements: Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.
Created attachment 1056756: bind99-CVE-2015-5477.patch (patch provided by upstream)
Public now via upstream security advisory. External References: https://kb.isc.org/article/AA-01272 https://access.redhat.com/solutions/1548963
Created bind99 tracking bugs for this issue: Affects: fedora-22 [bug 1247755]
Created bind tracking bugs for this issue: Affects: fedora-all [bug 1247754]
Statement: (none)
Upstream commit: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=dbb064aa7972ef918d9a235b713108a4846cbb62
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2015:1515 https://rhn.redhat.com/errata/RHSA-2015-1515.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2015:1514 https://rhn.redhat.com/errata/RHSA-2015-1514.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2015:1513 https://rhn.redhat.com/errata/RHSA-2015-1513.html
bind-9.10.2-4.P3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
bind-9.9.6-10.P1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
bind99-9.9.7-6.P2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
(In reply to Vincent Danen from comment #14)
> Statement:
>
> This issue affected the versions of bind as shipped with Red Hat Enterprise
> Linux 4, 5, 6 and 7, and the versions of bind97 as shipped with Red Hat
> Enterprise Linux 5.

This is an important security update. When are the updated packages for RHEL 4 ELS going to be released? Thanks.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 AUS - Server Only Red Hat Enterprise Linux 6.4 AUS - Server Only Via RHSA-2016:0078 https://rhn.redhat.com/errata/RHSA-2016-0078.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 EUS - Server and Compute Node Only Via RHSA-2016:0079 https://rhn.redhat.com/errata/RHSA-2016-0079.html