928027 – (CVE-2013-2266) CVE-2013-2266 bind: libdns regular expressions excessive resource consumption DoS

Bug 928027 (CVE-2013-2266) - CVE-2013-2266 bind: libdns regular expressions excessive resource consumption DoS

Summary: CVE-2013-2266 bind: libdns regular expressions excessive resource consumption...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2013-2266
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	CVE-2013-2494 (view as bug list)
Depends On:	928032 928271 928272 928273 928274
Blocks:	928028
TreeView+	depends on / blocked

Reported:	2013-03-26 17:51 UTC by Jan Lieskovsky
Modified:	2021-02-17 07:53 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-03-28 22:07:21 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0689	0	normal	SHIPPED_LIVE	Important: bind security and bug fix update	2013-03-29 02:00:32 UTC
Red Hat Product Errata	RHSA-2013:0690	0	normal	SHIPPED_LIVE	Important: bind97 security update	2013-03-29 02:00:25 UTC

Description Jan Lieskovsky 2013-03-26 17:51:33 UTC

A denial of service flaw was found in the way libdns library implementation of BIND processed certain requests. A remote attacker could issue a specially-crafted DNS query that, when processed would lead to excessive memory consumption (memory exhaustion) at the side of the named server process, possibly leading to its crash.

References:
[1] https://kb.isc.org/article/AA-00871
[2] https://kb.isc.org/article/AA-00879
[3] https://lists.isc.org/pipermail/bind-users/2013-March/090211.html

Affected versions:
9.7.0 and later, BIND 10 is not affected

Solution:
Upgrade to BIND 9 version 9.8.4-P2, 9.9.2-P2 or recompile BIND without regular expression support.

Comment 4 Jan Lieskovsky 2013-03-26 18:25:40 UTC

Created bind tracking bugs for this issue

Affects: fedora-all [bug 928032]

Comment 11 Huzaifa S. Sidhpurwala 2013-03-27 10:36:35 UTC

*** Bug 928011 has been marked as a duplicate of this bug. ***

Comment 16 errata-xmlrpc 2013-03-28 22:02:44 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:0690 https://rhn.redhat.com/errata/RHSA-2013-0690.html

Comment 17 errata-xmlrpc 2013-03-28 22:03:06 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0689 https://rhn.redhat.com/errata/RHSA-2013-0689.html

Comment 18 Nigel Horne 2013-04-01 14:58:29 UTC

Is there a URL to a set of diffs for this fix?

Comment 19 Adam Tkac 2013-04-02 12:50:18 UTC

(In reply to comment #18)
> Is there a URL to a set of diffs for this fix?

You can simply diff bind-9.8.4-P1 and bind-9.8.4-P2 upstream releases. This is the patch (please note that I stripped regeneration of configure script and some comments):

diff -urp bind-9.8.4-P1/config.h.in bind-9.8.4-P2/config.h.in
--- bind-9.8.4-P1/config.h.in   2012-10-26 06:52:55.000000000 +0200
+++ bind-9.8.4-P2/config.h.in   2013-03-06 17:57:05.000000000 +0100
@@ -286,9 +286,6 @@ int sigwait(const unsigned int *set, int
 /* Define if your OpenSSL version supports GOST. */
 #undef HAVE_OPENSSL_GOST

-/* Define to 1 if you have the <regex.h> header file. */
-#undef HAVE_REGEX_H
-
 /* Define to 1 if you have the `setegid' function. */
 #undef HAVE_SETEGID

diff -urp bind-9.8.4-P1/configure.in bind-9.8.4-P2/configure.in
--- bind-9.8.4-P1/configure.in  2012-10-26 06:52:55.000000000 +0200
+++ bind-9.8.4-P2/configure.in  2013-03-06 17:57:05.000000000 +0100
@@ -298,7 +298,7 @@ esac

 AC_HEADER_STDC

-AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
+AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
 [$ac_includes_default
 #ifdef HAVE_SYS_PARAM_H
 # include <sys/param.h>

Comment 20 Vincent Danen 2013-04-02 22:22:50 UTC

External References:

https://kb.isc.org/article/AA-00871
https://kb.isc.org/article/AA-00879

Comment 21 Tomas Hoger 2013-04-03 08:22:36 UTC

Statement:

This issue did not affect the versions of bind package as shipped with Red Hat Enterprise Linux 3, 4, and 5. This issue was corrected in bind97 packages in Red Hat Enterprise Linux 5 and bind packages in Red Hat Enterprise Linux 6.

Comment 22 Fedora Update System 2013-04-05 23:08:15 UTC

bind-9.9.2-10.P2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 23 Fedora Update System 2013-04-07 00:24:44 UTC

bind-9.9.2-7.P2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.