Bug 856754 (CVE-2012-4244) - CVE-2012-4244 bind: specially crafted resource record causes named to exit
Summary: CVE-2012-4244 bind: specially crafted resource record causes named to exit
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-4244
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 856756 856904 856905 856906 856907 856908 856909 859916
Blocks: 856774
TreeView+ depends on / blocked
 
Reported: 2012-09-12 18:11 UTC by Vincent Danen
Modified: 2019-09-29 12:55 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-09-15 16:31:22 UTC
Embargoed:


Attachments (Terms of Use)
diff of bind-9.6-ESV-R7-P2 to P3 (196.03 KB, patch)
2012-09-12 18:15 UTC, Vincent Danen
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 209473 0 None None None 2012-09-15 14:02:13 UTC
Red Hat Product Errata RHSA-2012:1266 0 normal SHIPPED_LIVE Important: bind97 security update 2012-09-14 13:30:56 UTC
Red Hat Product Errata RHSA-2012:1267 0 normal SHIPPED_LIVE Important: bind security and bug fix update 2012-09-14 13:30:33 UTC
Red Hat Product Errata RHSA-2012:1268 0 normal SHIPPED_LIVE Important: bind security update 2012-09-14 13:30:09 UTC
Red Hat Product Errata RHSA-2012:1365 0 normal SHIPPED_LIVE Important: bind security update 2012-10-12 23:40:10 UTC

Description Vincent Danen 2012-09-12 18:11:16 UTC
A flaw in ISC BIND was reported [1] where a nameserver could be caused to exit with a REQUIRE exception if it received a specially crafted resource record with RDATA that exceeded 65535 bytes and then received a subsequent query for that record.  This can be exploited remotely against recursive servers by getting them to query for records provided by an authoritative server.  It also affects authoritative servers if a zone containing this kind of resource record is loaded from a file on disk or via a zone transfer.

[1] https://kb.isc.org/article/AA-00778/74

Comment 1 Vincent Danen 2012-09-12 18:15:12 UTC
Created attachment 612201 [details]
diff of bind-9.6-ESV-R7-P2 to P3

       --- 9.6-ESV-R7-P3 released ---

3364.  [security]      Named could die on specially crafted record.
                       [RT #30416]

3358   [bug]           Fix declaration of fatal in bin/named/server.c
                       and bin/nsupdate/main.c. [RT #30522]


(I didn't pull out the irrelevant changes as I suspect they may be used by the pertinent changes)

Comment 2 Vincent Danen 2012-09-12 18:16:19 UTC
Created bind tracking bugs for this issue

Affects: fedora-all [bug 856756]

Comment 7 errata-xmlrpc 2012-09-14 09:32:37 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1268 https://rhn.redhat.com/errata/RHSA-2012-1268.html

Comment 8 errata-xmlrpc 2012-09-14 09:32:45 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:1267 https://rhn.redhat.com/errata/RHSA-2012-1267.html

Comment 9 errata-xmlrpc 2012-09-14 09:33:29 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:1266 https://rhn.redhat.com/errata/RHSA-2012-1266.html

Comment 18 Fedora Update System 2012-09-23 03:28:37 UTC
bind-9.9.1-9.P3.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2012-09-23 04:55:46 UTC
bind-9.9.1-10.P3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 23 Fedora Update System 2012-09-27 04:32:50 UTC
bind-9.8.3-4.P3.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 24 errata-xmlrpc 2012-10-12 19:43:43 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4 Extended Lifecycle Support

Via RHSA-2012:1365 https://rhn.redhat.com/errata/RHSA-2012-1365.html


Note You need to log in before you can comment on or make changes to this bug.