Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 616706 - (CVE-2010-0213) CVE-2010-0213 BIND: DoS (infinite loop of RRSIGs queries to authoritative servers) via certain RRSIG query
CVE-2010-0213 BIND: DoS (infinite loop of RRSIGs queries to authoritative ser...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
public=20100715,reported=20100721,sou...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-21 05:00 EDT by Jan Lieskovsky
Modified: 2016-03-04 07:04 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-07-29 02:54:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2010-07-21 05:00:11 EDT
ISC BIND upstream recently released a fix:
  [1] http://www.isc.org/software/bind/advisories/cve-2010-0213

for a deficiency in the way BIND processed certain RRSIG queries. More
exact details from [1]:

If a query is made explicitly for a record of type 'RRSIG' to a validating
recursive server running BIND 9.7.1 or 9.7.1-P1, and the server has one or
more trust anchors configured statically and/or via DLV, then if the answer
is not already in cache, the server enters a loop which repeatedly generates
queries for RRSIGs to the authoritative servers for the zone containing the
queried name.

Affected BIND versions: v9.7.1, v9.7.1-P1

References:
  [2] http://www.kb.cert.org/vuls/id/211905 (not available yet)
  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0213 (not
      available yet)

Credit: Upstream acknowledges Marco Davids of SIDN for discovering and
        testing the issue.
Comment 2 Jan Lieskovsky 2010-07-21 05:13:04 EDT
This issue did NOT affect the versions of the bind package, as shipped
with Red Hat Enterprise Linux 3, 4, or 5.

This issue did NOT affect the version of the bind package, as shipped
with Fedora release of 12.

This issue affects the version of the bind package, as shipped with
Fedora release of 13. Updates will be available shortly.
Comment 3 Jan Lieskovsky 2010-07-21 05:14:01 EDT
Statement:

Not vulnerable. This issue did not affect the versions of the bind as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Comment 5 Fedora Update System 2010-07-22 22:35:03 EDT
bind-9.7.1-2.P2.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.