Bug 4500 - Denial of Service - BIND or GLibC
Denial of Service - BIND or GLibC
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: bind (Show other bugs)
6.0
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Cristian Gafton
: Security
: 4111 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-08-12 23:01 EDT by emolitor
Modified: 2008-05-01 11:37 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-01-06 16:11:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description emolitor 1999-08-12 23:01:58 EDT
When running Bind 8.2.1 on Redhat 6.0 BIND locks up when
recieving an invalid zone transfer. The only solution is to
restart bind. An strace makes it appear that this might be a
glibc bug relating to the gettimeofday function, but it
could be anything. The fact is that it renders a DNS server
useless.

I emailed jturner@redhat.com a detailed message and a
confirmation by another individual on this problem.


                    -- OUTPUT FROM strace --

                    recvfrom(22,
"\2471\1\0\0\1\0\0\0\0\0\0\00235\002"..., 513, 0,
{sin_family=AF_INET, sin_port=htons(1546),
                    sin_addr=inet_addr("195.17.98.35")},
[16]) = 43
                    sendto(22,
"\2471\205\200\0\1\0\1\0\3\0\3\002"..., 207, 0,
{sin_family=AF_INET, sin_port=htons(1546),
                    sin_addr=inet_addr("195.17.98.35")}, 16)
= 207
                    recvfrom(22, 0xbffff9a0, 513, 0,
0xbffffba4, 0xbffff98c) = -1 ECONNREFUSED (Connection
refused)
                    gettimeofday({934263570, 54725}, NULL)
= 0
                    readv(7, [{"\0\"", 2}], 1)
= 2
                    fcntl(7, F_GETFL)                      =
0x802 (flags O_RDWR|O_NONBLOCK) gettimeofday({934263570,
55682}, NULL)
                    = 0
                    fcntl(7, F_GETFL)                      =
0x802 (flags O_RDWR|O_NONBLOCK) gettimeofday({934263570,
56295}, NULL)
                    = 0
                    write(8,
"\0\277\5[\204\200\0\1\0\1\0\3\0\3"..., 193) = 193 fcntl(8,
F_GETFL)                      = 0x802 (flags
                    O_RDWR|O_NONBLOCK) fcntl(8, F_GETFL)
                  = 0x802 (flags O_RDWR|O_NONBLOCK)
                    gettimeofday({934263570, 58175}, NULL)
= 0
                    readv(6, [{"\0\33", 2}], 1)            =
0
                    fcntl(6, F_GETFL)                      =
0x802 (flags O_RDWR|O_NONBLOCK) gettimeofday({934263570,
59138}, NULL)
                    = 0
                    close(6

                    -- OUTPUT from strace --
Comment 1 emolitor 1999-08-14 01:50:59 EDT
Probably also the cause of BUG 4111
Comment 2 Cristian Gafton 1999-09-17 07:36:59 EDT
*** Bug 4111 has been marked as a duplicate of this bug. ***

After upgrading from Redhat5.2 to Redhat6.0, bind started
having some serious problems.  Our nameserver, which handles
DNS for about 10,000 users and 800 domains, started
experiencing "brown outs", where it would just stop
responding.  The solution was to either wait a long time,
and it would correct itself, or restart named.

It is not reproducable at will, but it does happen at least
a few times a day, on our system with that load.  Also I
would notice that on many occasions bind would peg the cpu.

Moving the rawhide's bind fixed this problem.  Reason is
still unknown.


------- Additional Comments From jturner@redhat.com  07/20/99 13:36 -------
This issue has been submitted to developer for further action.

I think that we might want to consider releasing bind-8.2.1-3 as an
errata item, as it seems to fix a number of problems that people are
seeing in bind-8.2-6.
Comment 3 Cristian Gafton 1999-09-17 07:38:59 EDT
Does the bind from rawhide and/or Lorax fixes the problem?

------- Additional Comments From   09/30/99 02:05 -------
One the topic of bind 8.2.1, There are some serious bugs (according
to ISC) in BIND 8.2 and below that could allow someone access to root
privledges and/or cause Denial Of Service attacks.  There is not an
rpm on bind 8.2.1 yet is there?  And will the problem described by
emoliter@unicomp.net exist in all releases of BIND 8.2.1?

I am trying to decide if I should upgrade my nameserver running 8.2
to 8.2.1 or if I should perhaps wait for 8.2.1a or something.  Please
help.



------- Additional Comments From   09/30/99 02:08 -------
Correction to above.  I think I did not make it clear that the bugs
described by ISC in Bind 8.2 only effect bind 8.2.  They are fixed in
8.2.1.  I am just concerned about what to do because I have not seen
an rpm for bind 8.2.1.  My redhat 6.0 machine came with and is
currently using Bind 8.2
Comment 4 Aleksey Nogin 1999-11-26 13:47:59 EST
Shouldn't this be marked as fixed in the errata?
Comment 5 Cristian Gafton 2000-01-06 16:11:59 EST
The rpm fropm 6.1 fixes this. Also the rpms available through errata pages.

Note You need to log in before you can comment on or make changes to this bug.