Bug 856754 - (CVE-2012-4244) CVE-2012-4244 bind: specially crafted resource record causes named to exit
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
Whiteboard: impact=important,public=20120912,repo...
Keywords: Security
Depends On: 856756 856904 856905 856906 856907 856908 856909 859916
Blocks: 856774
Reported: 2012-09-12 14:11 EDT by Vincent Danen
Modified: 2012-10-12 15:43 EDT

Doc Type: Bug Fix
Last Closed: 2012-09-15 12:31:22 EDT

Attachments
diff of bind-9.6-ESV-R7-P2 to P3 (196.03 KB, patch)
2012-09-12 14:15 EDT, Vincent Danen


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 209473 None None None 2012-09-15 10:02:13 EDT

Description Vincent Danen 2012-09-12 14:11:16 EDT
A flaw in ISC BIND was reported [1] where a nameserver could be caused to exit with a REQUIRE exception if it received a specially crafted resource record with RDATA that exceeded 65535 bytes and then received a subsequent query for that record.  This can be exploited remotely against recursive servers by getting them to query for records provided by an authoritative server.  It also affects authoritative servers if a zone containing this kind of resource record is loaded from a file on disk or via a zone transfer.

[1] https://kb.isc.org/article/AA-00778/74
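
A pre-load check for the authoritative case in the description above (a zone loaded from a file on disk), as an added example that is not part of the bug report or of ISC's code: it computes the wire-format RDATA size of each record and flags any that exceed 65535 bytes. It assumes one fully specified record per line (owner, TTL, class, type, RDATA) and sizes only TXT and RFC 3597 generic (`\#`) RDATA; the function names and the sample records are constructed for illustration.

```python
import re

MAX_RDLENGTH = 0xFFFF  # RDLENGTH is a 16-bit field (RFC 1035): at most 65535 bytes

_QUOTED = re.compile(rb'"((?:\\.|[^"\\])*)"')   # one quoted character-string
_ESCAPE = re.compile(rb'\\(\d{3}|.)')           # \DDD decimal byte, or \X literal

def _unescape(s: bytes) -> bytes:
    """Resolve master-file escapes; raises ValueError if \\DDD is above 255."""
    return _ESCAPE.sub(
        lambda m: bytes([int(m.group(1))]) if len(m.group(1)) == 3 else m.group(1), s)

def rdata_wire_len(rtype: bytes, rdata: bytes):
    """Wire-format RDATA size in bytes, or None for types this sketch does not size."""
    if rdata.startswith(b"\\#"):                 # RFC 3597: \# <length> <hex data>
        fields = rdata.split()
        actual = len(bytes.fromhex(b"".join(fields[2:]).decode("ascii")))
        return max(int(fields[1]), actual)       # do not trust the declared length
    if rtype.upper() == b"TXT":                  # 1 length byte + content per string
        return sum(1 + len(_unescape(s)) for s in _QUOTED.findall(rdata))
    return None

def find_oversized(zone_text: str, limit: int = MAX_RDLENGTH):
    """Return (line, owner, type, size) for every record whose RDATA exceeds limit."""
    hits = []
    for lineno, raw in enumerate(zone_text.encode().splitlines(), 1):
        parts = raw.split(None, 4)               # owner ttl class type rdata
        if len(parts) < 5 or parts[0][:1] in (b";", b"$"):
            continue                             # blank, short, comment or directive
        owner, _ttl, _cls, rtype, rdata = parts
        size = rdata_wire_len(rtype, rdata)
        if size is not None and size > limit:
            hits.append((lineno, owner.decode(), rtype.decode().upper(), size))
    return hits

def sample_zone() -> str:  # constructed records, none of them from the bug report
    full = '"' + "a" * 255 + '" '
    return "\n".join([
        "; constructed sample zone",
        'ok.example.   300 IN TXT "v=spf1 -all"',
        "edge.example. 300 IN TXT " + full * 255 + '"' + "b" * 254 + '"',  # 65535
        "big.example.  300 IN TXT " + full * 257,                          # 65792
        "raw.example.  300 IN TYPE65280 \\# 65536 " + "00" * 65536,
        "host.example. 300 IN A 192.0.2.1",
    ])

if __name__ == "__main__":
    print(find_oversized(sample_zone()))
```

The record at exactly 65535 bytes is not reported; only sizes above the limit are.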
Comment 1 Vincent Danen 2012-09-12 14:15:12 EDT
Created attachment 612201
diff of bind-9.6-ESV-R7-P2 to P3

       --- 9.6-ESV-R7-P3 released ---

3364.  [security]      Named could die on specially crafted record.
                       [RT #30416]

3358   [bug]           Fix declaration of fatal in bin/named/server.c
                       and bin/nsupdate/main.c. [RT #30522]


(I didn't pull out the irrelevant changes as I suspect they may be used by the pertinent changes)
Comment 2 Vincent Danen 2012-09-12 14:16:19 EDT
Created bind tracking bugs for this issue

Affects: fedora-all [bug 856756]
Comment 7 errata-xmlrpc 2012-09-14 05:32:37 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1268 https://rhn.redhat.com/errata/RHSA-2012-1268.html
Comment 8 errata-xmlrpc 2012-09-14 05:32:45 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:1267 https://rhn.redhat.com/errata/RHSA-2012-1267.html
Comment 9 errata-xmlrpc 2012-09-14 05:33:29 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:1266 https://rhn.redhat.com/errata/RHSA-2012-1266.html
Comment 18 Fedora Update System 2012-09-22 23:28:37 EDT
bind-9.9.1-9.P3.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 19 Fedora Update System 2012-09-23 00:55:46 EDT
bind-9.9.1-10.P3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 23 Fedora Update System 2012-09-27 00:32:50 EDT
bind-9.8.3-4.P3.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 24 errata-xmlrpc 2012-10-12 15:43:43 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 4 Extended Lifecycle Support

Via RHSA-2012:1365 https://rhn.redhat.com/errata/RHSA-2012-1365.html
