Bug 1508003 - bind: default rndc key uses insecure hmac-md5
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: bind
Version: 25
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Petr Menšík
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2017-10-31 16:34 UTC by Petr Menšík
Modified: 2017-11-22 02:28 UTC

Fixed In Version: bind-9.11.1-8.P3.fc27 bind-9.11.1-3.P3.fc26
Clone Of:
Environment:
Last Closed: 2017-11-15 17:54:17 UTC
Type: Bug
Embargoed:



Description Petr Menšík 2017-10-31 16:34:34 UTC
Description of problem:
When named is first started and /etc/rndc.conf or /etc/rndc.key does not exist, /etc/rndc.key is generated. It uses the insecure algorithm hmac-md5 when more secure algorithms are supported.

Version-Release number of selected component (if applicable):
bind-9.10.5-2.P2.fc25.x86_64
bind-9.11.1-2.P3.fc26.x86_64

How reproducible:
always

Steps to Reproduce:
1. dnf install bind
2. rm -f /etc/rndc.conf /etc/rndc.key
3. systemctl restart named
4. grep algorithm /etc/rndc.key

Actual results:
$ grep algorithm /etc/rndc.key 
	algorithm hmac-md5;

Expected results:
$ grep algorithm /etc/rndc.key 
	algorithm hmac-sha256;

Additional info:
All supported versions are affected
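
A check for the condition reported above, as an added example that is not part of the bug report or the bind package: it lists every key block in an rndc.key-style file whose algorithm is hmac-md5. The function name, the sample file and its secrets are constructed for illustration; `rndc-confgen -a -A hmac-sha256` is the stock BIND command for regenerating the key with a chosen algorithm.

```shell
#!/bin/sh
# Added example, not from the bug report or the bind package.
# weak_rndc_keys FILE: print "<key-name> <algorithm>" for every key block in
# FILE whose algorithm is hmac-md5 (also matches names such as hmac-md5-80).
# Limitation: only # and // line comments are skipped, not /* ... */ blocks.
weak_rndc_keys() {
    awk '
    { sub(/(#|\/\/).*/, "") }                       # drop line comments
    match($0, /key[ \t]+"?[^" \t{]+"?[ \t]*[{]/) {  # start of a key block
        name = substr($0, RSTART, RLENGTH)
        sub(/^key[ \t]+"?/, "", name)
        sub(/"?[ \t]*[{]$/, "", name)
    }
    match($0, /algorithm[ \t]+"?[A-Za-z0-9.-]+/) {  # algorithm statement
        alg = tolower(substr($0, RSTART, RLENGTH))
        sub(/^algorithm[ \t]+"?/, "", alg)
        if (alg ~ /^hmac-md5/) print name, alg
    }' "$1"
}

# Constructed sample in the layout of a generated /etc/rndc.key (dummy secrets).
sample=$(mktemp)
cat > "$sample" <<'EOF'
key "rndc-key" {
    algorithm hmac-md5;
    secret "Y29uc3RydWN0ZWQtZHVtbXk=";
};
# key "old" { algorithm hmac-md5; };
key "transfer-key" {
    algorithm hmac-sha256;
    secret "Y29uc3RydWN0ZWQtZHVtbXk=";
};
EOF

findings=$(weak_rndc_keys "$sample")
rm -f "$sample"
if [ -n "$findings" ]; then
    echo "keys still using hmac-md5:"
    echo "$findings"
    echo "regenerate with: rndc-confgen -a -A hmac-sha256, then restart named"
fi
```

On a real host, point the function at /etc/rndc.key and any file that defines the key used in the `controls` statement.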

Comment 1 Fedora Update System 2017-11-13 19:31:32 UTC
bind-9.10.5-3.P3.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b68d7f3b8b

Comment 2 Fedora Update System 2017-11-13 19:31:59 UTC
bind-9.11.1-3.P3.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-d9cf76b94f

Comment 3 Fedora Update System 2017-11-13 19:32:26 UTC
bind-9.11.1-8.P3.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-5acfc0cae5

Comment 4 Fedora Update System 2017-11-14 03:14:23 UTC
bind-9.10.5-3.P3.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b68d7f3b8b

Comment 5 Fedora Update System 2017-11-14 04:10:17 UTC
bind-9.11.1-3.P3.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-d9cf76b94f

Comment 6 Fedora Update System 2017-11-14 10:59:01 UTC
bind-9.11.1-8.P3.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-5acfc0cae5

Comment 7 Fedora Update System 2017-11-15 17:54:17 UTC
bind-9.11.1-8.P3.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2017-11-22 02:28:54 UTC
bind-9.11.1-3.P3.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

