A denial of service flaw was found in the way bind, a Berkeley Internet Name Domain (BIND) Domain Name System (DNS) server, performed processing of recursive queries for negative cache entries. A remote attacker could provide a specially-crafted DNS query, forcing the named server to process and log the error message, leading to named server crash. A different vulnerability than CVE-2009-0696 and CVE-2011-2464. References: [1] http://www.isc.org/software/bind/advisories/cve-2011-tbd
Created bind tracking bugs for this issue Affects: fedora-all [bug 754509]
This is CVE-2011-4313.
*** Bug 754494 has been marked as a duplicate of this bug. ***
Any ETA for a fix for this?
I have added the patch to the upstream spec file, and I have built an updated rpm package in our repository: http://repo.nixval.com/nixval-centos/5/updates/repodata/repoview/bind-30-9.3.6-16P1.1.el5.html I have used the following patch: http://seclists.org/oss-sec/2011/q4/att-317/bind-9_3_5-up-CVE-2011-4313.diff Cheers.
(In reply to comment #10) > > I have used the following patch: > > http://seclists.org/oss-sec/2011/q4/att-317/bind-9_3_5-up-CVE-2011-4313.diff > > Cheers. The patch is not 100% correct because 9.3.X version handles negative rdatasets differently. The rbtdb.c part of the patch uses RDATASET_ATTR_NEGATIVE attribute but this attribute is never set. However the query.c part of the patch is correct and in my opinion it's sufficient to prevent the crash.
I found the Ubuntu patch, but is for version 9.7. This is the only patch I've found.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2011:1459 https://rhn.redhat.com/errata/RHSA-2011-1459.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2011:1458 https://rhn.redhat.com/errata/RHSA-2011-1458.html
What is the position on RHEL 4 with the bind-9.2.4-37.el4 release? --Larry
Statement: (none)
ISC updated the document as it affects all BIND9. Does our statement get effect or not? > Versions affected: > BIND 9.0.x -> 9.6.x , 9.4-ESV->9.4-ESV-R5, 9.6-ESV->9.6-ESV-R5, 9.7.0->9.7.4, > 9.8.0->9.8.1, 9.9.0a1->9.9.0b1
RHEL 4 version is 9.2.4-37.el4, so shouldn't it also be affected?
(In reply to comment #17) Hello Kazuo-san, > ISC updated the document as it affects all BIND9. > Does our statement get effect or not? The particular statement has been updated / deleted. Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team > > > Versions affected: > > BIND 9.0.x -> 9.6.x , 9.4-ESV->9.4-ESV-R5, 9.6-ESV->9.6-ESV-R5, 9.7.0->9.7.4, > 9.8.0->9.8.1, 9.9.0a1->9.9.0b1
(In reply to comment #18) Hello Danilo, > RHEL 4 version is 9.2.4-37.el4, so shouldn't it also be affected? Yes, from communication with upstream it concluded the version of bind package, as shipped with Red Hat Enterprise Linux 4 is vulnerable to the CVE-2011-4313 issue too. Currently we are working on preparing a bind package update for Red Hat Enterprise Linux 4, and once it has passed all the required testing it will be released. Hope this helps. Let us know if we can be of any further assistance. Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2011:1496 https://rhn.redhat.com/errata/RHSA-2011-1496.html
External References: https://www.isc.org/software/bind/advisories/cve-2011-4313 https://deepthought.isc.org/article/AA-00549