Bug 928027 - (CVE-2013-2266) CVE-2013-2266 bind: libdns regular expressions excessive resource consumption DoS
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
Whiteboard: impact=important,public=20130326,repo...
Keywords: Security
Duplicates: CVE-2013-2494
Depends On: 928032 928271 928272 928273 928274
Blocks: 928028
Reported: 2013-03-26 13:51 EDT by Jan Lieskovsky
Modified: 2015-11-24 10:30 EST
Doc Type: Bug Fix
Last Closed: 2013-03-28 18:07:21 EDT
Description Jan Lieskovsky 2013-03-26 13:51:33 EDT
A denial of service flaw was found in the way the libdns library implementation of BIND processed certain requests. A remote attacker could issue a specially-crafted DNS query that, when processed, would lead to excessive memory consumption (memory exhaustion) on the side of the named server process, possibly leading to its crash.

References:
[1] https://kb.isc.org/article/AA-00871
[2] https://kb.isc.org/article/AA-00879
[3] https://lists.isc.org/pipermail/bind-users/2013-March/090211.html

Affected versions:
9.7.0 and later, BIND 10 is not affected

Solution:
Upgrade to BIND 9 version 9.8.4-P2, 9.9.2-P2 or recompile BIND without regular expression support.
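
A version triage helper built from the "Affected versions" and "Solution" lines above, added here as an example; it is not part of the original bug report or of any ISC or Red Hat tooling. The names `classify`, `FIXED` and `FIRST_AFFECTED` are hypothetical, and it assumes that later releases on the 9.8 and 9.9 branches, and later 9.x branches, keep the fix. Pre-release and vendor-suffixed strings return "unknown", because distribution packages backport fixes under their own version numbers.

```python
import re

# Fixed upstream releases named on this page, keyed by (major, minor) branch.
# The value is (patch, P-level), so 9.8.4-P2 is stored as (4, 2).
FIXED = {(9, 8): (4, 2), (9, 9): (2, 2)}
FIRST_AFFECTED = (9, 7, 0)  # "9.7.0 and later"

# Matches "9.8.4", "9.8.4-P1" or the version inside "BIND 9.9.2-P2".
# Group 5 captures anything glued on afterwards (b1, rc1, -RedHat-...).
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?(\S*)")


def classify(version_string):
    """Return 'affected', 'fixed', 'not-affected' or 'unknown'."""
    m = _VERSION.search(version_string)
    if not m:
        return "unknown"
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    plevel = int(m.group(4) or 0)
    if major > 9:
        # BIND 10 uses its own numbering; this parser does not identify it.
        return "unknown"
    if (major, minor, patch) < FIRST_AFFECTED:
        return "not-affected"
    if m.group(5):
        # Betas, release candidates and vendor builds cannot be judged
        # from the upstream release number alone.
        return "unknown"
    branch = (major, minor)
    if branch in FIXED:
        return "fixed" if (patch, plevel) >= FIXED[branch] else "affected"
    if branch < min(FIXED):
        # 9.7.x: the page lists no fixed release for this branch.
        return "affected"
    # Assumption: 9.x branches newer than 9.9 were released with the fix.
    return "fixed"


if __name__ == "__main__":
    # Constructed sample inputs, not captured from real hosts.
    for sample in ("BIND 9.8.4-P1", "BIND 9.9.2-P2", "9.7.7", "9.6.3",
                   "9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4"):
        print(f"{sample:45s} {classify(sample)}")
```

For packaged builds that come back as "unknown", check the distribution's erratum for the package rather than the upstream number.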
Comment 4 Jan Lieskovsky 2013-03-26 14:25:40 EDT
Created bind tracking bugs for this issue

Affects: fedora-all [bug 928032]
Comment 11 Huzaifa S. Sidhpurwala 2013-03-27 06:36:35 EDT
*** Bug 928011 has been marked as a duplicate of this bug. ***
Comment 16 errata-xmlrpc 2013-03-28 18:02:44 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:0690 https://rhn.redhat.com/errata/RHSA-2013-0690.html
Comment 17 errata-xmlrpc 2013-03-28 18:03:06 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0689 https://rhn.redhat.com/errata/RHSA-2013-0689.html
Comment 18 Nigel Horne 2013-04-01 10:58:29 EDT
Is there a URL to a set of diffs for this fix?
Comment 19 Adam Tkac 2013-04-02 08:50:18 EDT
(In reply to comment #18)
> Is there a URL to a set of diffs for this fix?

You can simply diff bind-9.8.4-P1 and bind-9.8.4-P2 upstream releases. This is the patch (please note that I stripped regeneration of configure script and some comments):

diff -urp bind-9.8.4-P1/config.h.in bind-9.8.4-P2/config.h.in
--- bind-9.8.4-P1/config.h.in   2012-10-26 06:52:55.000000000 +0200
+++ bind-9.8.4-P2/config.h.in   2013-03-06 17:57:05.000000000 +0100
@@ -286,9 +286,6 @@ int sigwait(const unsigned int *set, int
 /* Define if your OpenSSL version supports GOST. */
 #undef HAVE_OPENSSL_GOST

-/* Define to 1 if you have the <regex.h> header file. */
-#undef HAVE_REGEX_H
-
 /* Define to 1 if you have the `setegid' function. */
 #undef HAVE_SETEGID

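Review bot: removing the `HAVE_REGEX_H` template (old lines 289-291 of config.h.in) only stops config.h from defining the macro. The code that tests the macro is not among the lines shown, so confirm that every `#ifdef HAVE_REGEX_H` consumer behaves acceptably with it undefined, and that nothing else in the build can still define it, for example -DHAVE_REGEX_H on the compiler command line. A short comment in place of the deleted block saying that regex.h detection was dropped on purpose for CVE-2013-2266 would keep a later cleanup from restoring it.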
diff -urp bind-9.8.4-P1/configure.in bind-9.8.4-P2/configure.in
--- bind-9.8.4-P1/configure.in  2012-10-26 06:52:55.000000000 +0200
+++ bind-9.8.4-P2/configure.in  2013-03-06 17:57:05.000000000 +0100
@@ -298,7 +298,7 @@ esac

 AC_HEADER_STDC

-AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
+AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
 [$ac_includes_default
 #ifdef HAVE_SYS_PARAM_H
 # include <sys/param.h>
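Review bot: `regex.h` disappears from the `AC_CHECK_HEADERS` list at configure.in line 301 with no comment, so nothing tells a later maintainer that the omission is deliberate. Add a `dnl` line above the macro noting that regex.h is intentionally not probed because of CVE-2013-2266. Since the regenerated configure script was stripped from this excerpt, anyone applying it by hand also needs to rerun autoconf, otherwise the shipped configure still probes for regex.h and is out of step with configure.in.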
Comment 20 Vincent Danen 2013-04-02 18:22:50 EDT
External References:

https://kb.isc.org/article/AA-00871
https://kb.isc.org/article/AA-00879
Comment 21 Tomas Hoger 2013-04-03 04:22:36 EDT
Statement:

This issue did not affect the versions of bind package as shipped with Red Hat Enterprise Linux 3, 4, and 5. This issue was corrected in bind97 packages in Red Hat Enterprise Linux 5 and bind packages in Red Hat Enterprise Linux 6.
Comment 22 Fedora Update System 2013-04-05 19:08:15 EDT
bind-9.9.2-10.P2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 23 Fedora Update System 2013-04-06 20:24:44 EDT
bind-9.9.2-7.P2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.