Bug 769068 - (CVE-2011-4528, CVE-2011-4869) CVE-2011-4528 CVE-2011-4869 unbound 1.4.13 DNS Server multiple crashes
CVE-2011-4528 CVE-2011-4869 unbound 1.4.13 DNS Server multiple crashes
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20111219,reported=2...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-12-19 15:23 EST by Kurt Seifried
Modified: 2015-07-31 02:46 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-02-27 21:57:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kurt Seifried 2011-12-19 15:23:06 EST
https://secunia.com/advisories/47220/

Description

Two vulnerabilities have been reported in Unbound, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) A memory allocation error when processing certain RRs (Resource Records) can be exploited to cause a crash by sending signed duplicate redirecting RRs.

2) An error when processing certain responses for NSEC3-signed zones can be exploited to e.g. cause an assertion error or crash by sending specially crafted responses.

The vulnerabilities are reported in versions prior to 1.4.14.

Solution
Update to version 1.4.13p2 and 1.4.14 or apply patches.
Further details available in Customer Area

Provided and/or discovered by
Reported by the vendor.

Original Advisory
http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt
Comment 1 Vincent Danen 2011-12-20 10:48:50 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-4869 to
the following vulnerability:

Name: CVE-2011-4869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4869
Assigned: 20111220
Reference: http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt
Reference: http://www.kb.cert.org/vuls/id/209659

validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly
perform proof processing for NSEC3-signed zones, which allows remote
DNS servers to cause a denial of service (daemon crash) via a
malformed response that lacks expected NSEC3 records, a different
vulnerability than CVE-2011-4528.


Also note that unbound 1.4.14 is pending in Fedora and EPEL:  https://admin.fedoraproject.org/updates/search/CVE-2011-4528
Comment 2 Fedora Update System 2012-01-01 16:21:43 EST
unbound-1.4.14-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 3 Fedora Update System 2012-01-01 16:23:31 EST
unbound-1.4.14-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2012-01-05 15:33:01 EST
unbound-1.4.14-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2012-01-05 15:33:27 EST
unbound-1.4.14-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.