Bug 769068 (CVE-2011-4528, CVE-2011-4869) - CVE-2011-4528 CVE-2011-4869 unbound 1.4.13 DNS Server multiple crashes
Summary: CVE-2011-4528 CVE-2011-4869 unbound 1.4.13 DNS Server multiple crashes
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2011-4528, CVE-2011-4869
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-12-19 20:23 UTC by Kurt Seifried
Modified: 2019-09-29 12:49 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-28 02:57:53 UTC


Attachments (Terms of Use)

Description Kurt Seifried 2011-12-19 20:23:06 UTC
https://secunia.com/advisories/47220/

Description

Two vulnerabilities have been reported in Unbound, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) A memory allocation error when processing certain RRs (Resource Records) can be exploited to cause a crash by sending signed duplicate redirecting RRs.

2) An error when processing certain responses for NSEC3-signed zones can be exploited to e.g. cause an assertion error or crash by sending specially crafted responses.

The vulnerabilities are reported in versions prior to 1.4.14.

Solution
Update to version 1.4.13p2 and 1.4.14 or apply patches.
Further details available in Customer Area

Provided and/or discovered by
Reported by the vendor.

Original Advisory
http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt

Comment 1 Vincent Danen 2011-12-20 15:48:50 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-4869 to
the following vulnerability:

Name: CVE-2011-4869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4869
Assigned: 20111220
Reference: http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt
Reference: http://www.kb.cert.org/vuls/id/209659

validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly
perform proof processing for NSEC3-signed zones, which allows remote
DNS servers to cause a denial of service (daemon crash) via a
malformed response that lacks expected NSEC3 records, a different
vulnerability than CVE-2011-4528.


Also note that unbound 1.4.14 is pending in Fedora and EPEL:  https://admin.fedoraproject.org/updates/search/CVE-2011-4528

Comment 2 Fedora Update System 2012-01-01 21:21:43 UTC
unbound-1.4.14-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 3 Fedora Update System 2012-01-01 21:23:31 UTC
unbound-1.4.14-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2012-01-05 20:33:01 UTC
unbound-1.4.14-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2012-01-05 20:33:27 UTC
unbound-1.4.14-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.