Bug 224443 - CVE-2007-0493 BIND might crash after attempting to read free()-ed memory
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: bind (Show other bugs)
Version: 6
Hardware: All
OS: Linux
Priority: low
Severity: low
Assigned To: Adam Tkac
QA Contact: Ben Levenson
URL: http://marc.theaimsgroup.com/?l=bind-...
Whiteboard: impact=low,source=gentoo,public=20070...
Keywords: Security
Depends On:
Blocks: CVE-2007-0493
Reported: 2007-01-25 14:04 EST by Lubomir Kundrak
Modified: 2013-04-30 19:35 EDT (History)
Fixed In Version: bind-9.3.4-1.fc6
Doc Type: Bug Fix
Last Closed: 2007-01-30 08:53:43 EST
Attachments:
Fix for BIND out-of bound read DoS sucked from upstream BIND release (9.88 KB, patch)
2007-01-25 14:04 EST, Lubomir Kundrak

Description Lubomir Kundrak 2007-01-25 14:04:16 EST
Description of problem:

fetchctx structures, not keeping count of their uses, might be read
even after being deallocated, resulting in name server denial of
service under certain circumstances.

Version-Release number of selected component (if applicable):

Unclear whether this issue also affects 3.2 BIND, besides 3.3.
For sure affects FC-5, FC-6 and RHEL-5

How reproducible:

Hardly ever.

Steps to Reproduce:

No known way to reproduce. The advisory notes that the issue can be
partly mitigated by disabling recursion, so probably some deep recursive
queries might trigger the bug?

Actual results:

Server DoS?

Expected results:

What would you expect from read of deallocated memory? :)

Additional info:

ISC sucks at providing either patches or information about the flaws.
The attached patch incorporates another fix which changes roughly the
same code.
Comment 1 Lubomir Kundrak 2007-01-25 14:04:16 EST
Created attachment 146596 [details]
Fix for BIND out-of bound read DoS sucked from upstream BIND release
Comment 3 Josh Bressers 2007-01-29 16:07:50 EST
It looks like this update has been released for FC6, but has not been fixed in
FC5 yet.
Comment 4 David Eisenstein 2007-02-02 14:26:36 EST
Looks like updates for these issues have been issued now for both FC5 and
FC6.

FC6:  FEDORA-2007-147
http://www.redhat.com/archives/fedora-package-announce/2007-January/msg00153.html

FC5:  FEDORA-2007-164
http://www.redhat.com/archives/fedora-package-announce/2007-January/msg00180.html
