2216581 – (CVE-2023-2829) CVE-2023-2829 bind: DNSSEC-Validated cache can be remotely terminated with malformed NSEC record

Bug 2216581 (CVE-2023-2829) - CVE-2023-2829 bind: DNSSEC-Validated cache can be remotely terminated with malformed NSEC record

Summary: CVE-2023-2829 bind: DNSSEC-Validated cache can be remotely terminated with ma...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2023-2829
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2216623 2216624 2216625 2216633 2216634 2216635 2216636 2216637 2216638 2216639 2216640 2216641 2217445 2217446 2217447 2217448
Blocks:	2216252
TreeView+	depends on / blocked

Reported:	2023-06-21 22:24 UTC by Anten Skrabec
Modified:	2023-06-28 17:41 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in BIND. This security flaw occurs when a named instance is configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (synth-from-dnssec) enabled; remote termination can occur using a zone with a malformed NSEC record.
Clone Of:
Environment:
Last Closed:	2023-06-28 17:41:01 UTC
Embargoed:

Attachments	(Terms of Use)

Description Anten Skrabec 2023-06-21 22:24:55 UTC

A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record.
This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.

https://kb.isc.org/docs/cve-2023-2829

Comment 1 Sandipan Roy 2023-06-22 05:49:11 UTC

Created bind tracking bugs for this issue:

Affects: fedora-37 [bug 2216623]
Affects: fedora-38 [bug 2216625]


Created dhcp tracking bugs for this issue:

Affects: fedora-37 [bug 2216624]

Comment 3 Petr Menšík 2023-06-22 14:07:44 UTC

According to upstream article [1] this is only affecting supported preview version. We do not have it in RHEL or even in Fedora. 
That is also why upstream release notes [2] of latest 9.16 does not mention this vulnerability.
We are not affected by this one. In any release or component. Nor have a change to backport.

Can all those bugs be closed?

1. https://kb.isc.org/docs/cve-2023-2829
2. https://downloads.isc.org/isc/bind9/9.16.42/doc/arm/html/notes.html#security-fixes

Comment 6 Product Security DevOps Team 2023-06-28 17:40:59 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-2829

Note You need to log in before you can comment on or make changes to this bug.