Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 557983 - (CVE-2010-0382) CVE-2010-0382 bind: out-of-bailiwick data vulnerability due to regression while fixing CVE-2009-4022
CVE-2010-0382 bind: out-of-bailiwick data vulnerability due to regression whi...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
http://web.nvd.nist.gov/view/vuln/det...
impact=moderate,source=cve,reported=2...
: Security
Depends On: 555119
Blocks:
  Show dependency treegraph
 
Reported: 2010-01-22 18:15 EST by Vincent Danen
Modified: 2010-01-26 16:21 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-01-25 12:46:54 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Vincent Danen 2010-01-22 18:15:17 EST 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0382 to
the following vulnerability:

Name: CVE-2010-0382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0382
Assigned: 20100122
Reference: CONFIRM: https://www.isc.org/advisories/CVE-2009-4022v6

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before
9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick
data accompanying a secure response without re-fetching from the
original source, which allows remote attackers to have an unspecified
impact via a crafted response, aka Bug 20819.  NOTE: this vulnerability
exists because of a regression during the fix for CVE-2009-4022
Comment 1 Vincent Danen 2010-01-22 18:26:53 EST 
I'm unsure whether this got fixed along with CVE-2010-0290 (bug #557121) because that bug is also due to a regression of CVE-2009-4022.  The upstream advisory states:

2828. [security] Cached CNAME or DNAME RR could be returned to clients without DNSSEC validation. [RT #20737]

2831. [security] Do not attempt to validate or cache out-of-bailiwick data returned with a secure answer; it must be re-fetched from its original source and validated in that context. (Regression bug introduced by fix for RT #20438) [RT #20819] 

So it's listing it as two separate issues (2828 would correspond with CVE-2010-0290) which is probably why MITRE assigned two CVEs.  What is unclear is whether or not the fix we used for CVE-2010-0290 also corrects this issue.
Comment 2 Adam Tkac 2010-01-25 03:35:17 EST 
This issue is fixed together with CVE-2010-0290 (bug #557121). Updated packages are already released (for RHEL5).
Comment 3 Vincent Danen 2010-01-25 12:46:54 EST 
Thanks for that confirmation Adam.

This issue is then resolved via RHSA-2010:0062:

https://rhn.redhat.com/errata/RHSA-2010-0062.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.