Bug 1259087 (CVE-2015-5722) - CVE-2015-5722 bind: malformed DNSSEC key failed assertion denial of service
Summary: CVE-2015-5722 bind: malformed DNSSEC key failed assertion denial of service
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-5722
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1259133 1259134 1259135 1259136 1259137 1259138 1259690 1259691 1300758 1300760 1300761
Blocks: 1259089 1484522
TreeView+ depends on / blocked
 
Reported: 2015-09-01 23:58 UTC by Kurt Seifried
Modified: 2019-09-29 13:36 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash.
Clone Of:
Environment:
Last Closed: 2015-09-03 04:59:49 UTC


Attachments (Terms of Use)
CVE-2015-5722.BIND-9.10.2.diff (20.22 KB, patch)
2015-09-02 00:00 UTC, Kurt Seifried
no flags Details | Diff
CVE-2015-5722.BIND-9.9.7.diff (13.46 KB, patch)
2015-09-02 00:01 UTC, Kurt Seifried
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1705 normal SHIPPED_LIVE Important: bind security update 2015-09-03 08:37:34 UTC
Red Hat Product Errata RHSA-2015:1706 normal SHIPPED_LIVE Important: bind security update 2015-09-03 06:52:11 UTC
Red Hat Product Errata RHSA-2015:1707 normal SHIPPED_LIVE Important: bind97 security update 2015-09-03 06:51:55 UTC
Red Hat Product Errata RHSA-2016:0078 normal SHIPPED_LIVE Important: bind security update 2016-01-28 18:27:03 UTC
Red Hat Product Errata RHSA-2016:0079 normal SHIPPED_LIVE Important: bind security update 2016-01-28 18:45:17 UTC

Description Kurt Seifried 2015-09-01 23:58:43 UTC
The following flaw, reported by ISC, was found in all versions of BIND 9 (9.0.0 through 9.8.8, 9.9.0 through 9.9.7-P2, and 9.10.0 through 9.10.2-P3):

Parsing a malformed DNSSEC key can cause a validating resolver to exit
due to a failed assertion in buffer.c. It is possible for a remote
attacker to deliberately trigger this condition, for example by using a
query which requires a response from a zone containing a deliberately
malformed key.

ISC would like to thank Hanno Böck from the Fuzzing Project for
discovering and reporting this defect. We would also like to express
our appreciation to the developers of the American Fuzzy Lop tool, which
has been instrumental in revealing recently-disclosed vulnerabilities in
BIND.

Acknowledgements:

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Hanno Böck as the original reporter.

Comment 1 Kurt Seifried 2015-09-02 00:00:53 UTC
Created attachment 1069244 [details]
CVE-2015-5722.BIND-9.10.2.diff

Comment 2 Kurt Seifried 2015-09-02 00:01:34 UTC
Created attachment 1069245 [details]
CVE-2015-5722.BIND-9.9.7.diff

Comment 7 Huzaifa S. Sidhpurwala 2015-09-03 01:22:48 UTC
External References:

https://kb.isc.org/article/AA-01287/0

Comment 8 errata-xmlrpc 2015-09-03 02:52:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2015:1707 https://rhn.redhat.com/errata/RHSA-2015-1707.html

Comment 9 errata-xmlrpc 2015-09-03 02:52:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2015:1706 https://rhn.redhat.com/errata/RHSA-2015-1706.html

Comment 10 errata-xmlrpc 2015-09-03 04:38:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2015:1705 https://rhn.redhat.com/errata/RHSA-2015-1705.html

Comment 11 Tomáš Hozza 🤓 2015-09-03 09:15:36 UTC
Do you plan to create bugs for Fedora, too?

Comment 12 Huzaifa S. Sidhpurwala 2015-09-03 11:21:56 UTC
Created bind tracking bugs for this issue:

Affects: fedora-21 [bug 1259690]

Comment 13 Huzaifa S. Sidhpurwala 2015-09-03 11:22:00 UTC
Created bind99 tracking bugs for this issue:

Affects: fedora-22 [bug 1259691]

Comment 14 Kurt Seifried 2015-09-03 14:21:43 UTC
Closing the needinfo.

Comment 15 Fedora Update System 2015-09-06 01:09:34 UTC
bind99-9.9.7-7.P3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2015-09-06 17:04:41 UTC
bind-9.10.3-0.1.rc1.fc23, bind-dyndb-ldap-8.0-3.fc23, dnsperf-2.0.0.0-18.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 17 Fedora Update System 2015-09-06 17:04:56 UTC
bind99-9.9.7-7.P3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2015-09-09 23:18:37 UTC
bind-9.10.2-5.P4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2015-09-24 08:26:22 UTC
bind99-9.9.7-7.P3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 20 Fedora Update System 2015-10-04 23:20:50 UTC
bind-9.9.6-11.P1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.

Comment 23 errata-xmlrpc 2016-01-28 13:28:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 AUS - Server Only
  Red Hat Enterprise Linux 6.4 AUS - Server Only

Via RHSA-2016:0078 https://rhn.redhat.com/errata/RHSA-2016-0078.html

Comment 24 errata-xmlrpc 2016-01-28 13:45:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 EUS - Server and Compute Node Only

Via RHSA-2016:0079 https://rhn.redhat.com/errata/RHSA-2016-0079.html


Note You need to log in before you can comment on or make changes to this bug.