Bug 1259085 - (CVE-2015-5986) CVE-2015-5986 Bind: fromwire_openpgpkey() incorrect boundary check Denial of Service
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20150902,repor...
: Security
Depends On: 1259563
Blocks: 1259089
Reported: 2015-09-01 19:40 EDT by Kurt Seifried
Modified: 2015-09-24 04:26 EDT (History)

Doc Type: Bug Fix
Doc Text:
A boundary check flaw was found in the way BIND parsed answers in certain DNS queries. A remote attacker able to provide a specially crafted response in an answer to a query could cause named functioning as a recursive resolver to crash.
Last Closed: 2015-09-03 00:59:33 EDT

Attachments
CVE-2015-5986.BIND.9.10.2.diff (477 bytes, patch)
2015-09-01 19:41 EDT, Kurt Seifried
CVE-2015-5986.BIND-9.9.7.diff (475 bytes, patch)
2015-09-01 19:42 EDT, Kurt Seifried

Description Kurt Seifried 2015-09-01 19:40:48 EDT
The following flaw, reported by ISC, was found in recent versions of BIND 9 (9.9.7 through 9.9.7-P2, and 9.10.2 through 9.10.2-P3):

An incorrect boundary check in openpgpkey_61.c can cause named to
terminate due to a REQUIRE assertion failure. This defect can be
deliberately exploited by an attacker who can provide a maliciously
constructed response in answer to a query.

Acknowledgements:

Red Hat would like to thank ISC for reporting this issue.
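
An added example, not part of the original bug report: a Python check that compares a BIND version string against the affected ranges stated in the description above. The function name `classify` and the sample strings are constructed for illustration; it reads only the upstream version level, so it does not detect distribution backports or builds that lack fromwire_openpgpkey().

```python
import re

# Affected ranges from the bug description:
# base release -> highest affected -P level (9.9.7..9.9.7-P2, 9.10.2..9.10.2-P3).
AFFECTED = {(9, 9, 7): 2, (9, 10, 2): 3}

_VERSION = re.compile(
    r"(?<![\d.])(\d+)\.(\d+)\.(\d+)"       # base release, e.g. 9.9.7
    r"(?P<tag>(?:a|b|rc)\d+|-S\d+)?"       # pre-release or -S tag: not covered by the page
    r"(?:-(?:\d+\.)?P(?P<patch>\d+))?"     # upstream "-P2" or package release field "-7.P3"
)

def classify(version_string):
    """Return 'affected', 'above-range', 'not-listed' or 'unknown'."""
    m = _VERSION.search(version_string)
    if not m or m.group("tag"):
        return "unknown"                   # unparseable, or a suffix the page says nothing about
    base = tuple(int(part) for part in m.group(1, 2, 3))
    if base not in AFFECTED:
        return "not-listed"                # release line is not named in the bug description
    patch = int(m.group("patch") or 0)     # no -P suffix means the base release
    return "affected" if patch <= AFFECTED[base] else "above-range"

if __name__ == "__main__":
    # Constructed sample inputs in `named -v` and package-name style.
    samples = [
        "BIND 9.9.7-P2",
        "BIND 9.10.2-P3 <id:0000000>",
        "bind99-9.9.7-7.P3.fc23",
        "9.10.2-P4",
        "9.9.7rc1",
        "9.9.6-P1",
    ]
    for s in samples:
        print(f"{s:32} {classify(s)}")
```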
Comment 1 Kurt Seifried 2015-09-01 19:41:49 EDT
Created attachment 1069242
CVE-2015-5986.BIND.9.10.2.diff
Comment 2 Kurt Seifried 2015-09-01 19:42:14 EDT
Created attachment 1069243
CVE-2015-5986.BIND-9.9.7.diff
Comment 3 Kurt Seifried 2015-09-02 00:03:23 EDT
Statement:

This issue did not affect the versions of Bind as shipped with Red Hat Enterprise Linux 4, 5, 6 and 7 as they did not include support for fromwire_openpgpkey().
Comment 5 Huzaifa S. Sidhpurwala 2015-09-02 21:22:11 EDT
External References:

https://kb.isc.org/article/AA-01291/0
Comment 6 Huzaifa S. Sidhpurwala 2015-09-03 00:54:45 EDT
Created bind99 tracking bugs for this issue:

Affects: fedora-22 [bug 1259563]
Comment 7 Fedora Update System 2015-09-05 21:09:30 EDT
bind99-9.9.7-7.P3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2015-09-06 13:04:53 EDT
bind99-9.9.7-7.P3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2015-09-24 04:26:17 EDT
bind99-9.9.7-7.P3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
