Red Hat Bugzilla – Bug 224445
CVE-2007-0493 BIND might crash after attempting to read free()-ed memory
Last modified: 2013-04-30 19:35:12 EDT
+++ This bug was initially created as a clone of Bug #224443 +++
Description of problem:
fetchctx structures, not keeping count of their uses, might be read
even after being deallocated, resulting in name server denial of
service under certain circumstances.
Version-Release number of selected component (if applicable):
Unclear whether this issue also affects 3.2 BIND, besides 3.3.
For sure affects FC-5, FC-6 and RHEL-5
Steps to Reproduce:
No known way to reproduce. The advisory notes that the issue can be
partly mitigated by disabling recursion, so probably some deep recursive
queries might trigger the bug?
What would you expect from read of deallocated memory? :)
ISC is not particularly good at providing either patches or information
about the flaws. The attached patch incorporates another fix which
changes roughly the same code.
-- Additional comment from firstname.lastname@example.org on 2007-01-25 14:04 EST --
Created an attachment (id=146596)
Fix for BIND out-of-bound read DoS sucked from upstream BIND release
Created attachment 147023
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
*** Bug 238117 has been marked as a duplicate of this bug. ***