Red Hat Bugzilla – Bug 1259087
CVE-2015-5722 bind: malformed DNSSEC key failed assertion denial of service
Last modified: 2017-08-23 15:13:52 EDT
The following flaw, reported by ISC, was found in all versions of BIND 9 (9.0.0 through 9.8.8, 9.9.0 through 9.9.7-P2, and 9.10.0 through 9.10.2-P3): Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from a zone containing a deliberately malformed key. ISC would like to thank Hanno Böck from the Fuzzing Project for discovering and reporting this defect. We would also like to express our appreciation to the developers of the American Fuzzy Lop tool, which has been instrumental in revealing recently-disclosed vulnerabilities in BIND. Acknowledgements: Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Hanno Böck as the original reporter.
Created attachment 1069244 [details] CVE-2015-5722.BIND-9.10.2.diff
Created attachment 1069245 [details] CVE-2015-5722.BIND-9.9.7.diff
External References: https://kb.isc.org/article/AA-01287/0
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2015:1707 https://rhn.redhat.com/errata/RHSA-2015-1707.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2015:1706 https://rhn.redhat.com/errata/RHSA-2015-1706.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2015:1705 https://rhn.redhat.com/errata/RHSA-2015-1705.html
Do you plan to create bugs for Fedora, too?
Created bind tracking bugs for this issue: Affects: fedora-21 [bug 1259690]
Created bind99 tracking bugs for this issue: Affects: fedora-22 [bug 1259691]
Closing the needinfo.
bind99-9.9.7-7.P3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
bind-9.10.3-0.1.rc1.fc23, bind-dyndb-ldap-8.0-3.fc23, dnsperf-2.0.0.0-18.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
bind-9.10.2-5.P4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
bind99-9.9.7-7.P3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
bind-9.9.6-11.P1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 AUS - Server Only Red Hat Enterprise Linux 6.4 AUS - Server Only Via RHSA-2016:0078 https://rhn.redhat.com/errata/RHSA-2016-0078.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 EUS - Server and Compute Node Only Via RHSA-2016:0079 https://rhn.redhat.com/errata/RHSA-2016-0079.html