Bug 928027 (CVE-2013-2266) - CVE-2013-2266 bind: libdns regular expressions excessive resource consumption DoS
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-2266
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: CVE-2013-2494 (view as bug list)
Depends On: 928032 928271 928272 928273 928274
Blocks: 928028
Reported: 2013-03-26 17:51 UTC by Jan Lieskovsky
Modified: 2021-02-17 07:53 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-03-28 22:07:21 UTC
Embargoed:

Links
System ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata RHSA-2013:0689 | 0 | normal | SHIPPED_LIVE | Important: bind security and bug fix update | 2013-03-29 02:00:32 UTC
Red Hat Product Errata RHSA-2013:0690 | 0 | normal | SHIPPED_LIVE | Important: bind97 security update | 2013-03-29 02:00:25 UTC

Description Jan Lieskovsky 2013-03-26 17:51:33 UTC
A denial of service flaw was found in the way the libdns library implementation of BIND processed certain requests. A remote attacker could issue a specially-crafted DNS query that, when processed, would lead to excessive memory consumption (memory exhaustion) at the side of the named server process, possibly leading to its crash.

References:
[1] https://kb.isc.org/article/AA-00871
[2] https://kb.isc.org/article/AA-00879
[3] https://lists.isc.org/pipermail/bind-users/2013-March/090211.html

Affected versions:
9.7.0 and later, BIND 10 is not affected

Solution:
Upgrade to BIND 9 version 9.8.4-P2, 9.9.2-P2 or recompile BIND without regular expression support.
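
A triage sketch for the affected-version and solution lines above, added here as an example (not part of the original report and not BIND or Red Hat code): it classifies `named -v` output against the releases named in the description. The host names and inventory are constructed; pre-release and vendor-built version strings are returned as `unknown`, since distribution packages carry backported fixes (see the errata in this bug) and must be checked against the vendor advisory instead.

```python
import re

# Values from the bug description: first affected release and the fixed
# upstream release named for each branch. Tuples are (major, minor, patch, P).
FIRST_AFFECTED = (9, 7, 0, 0)
FIXED = {(9, 8): (9, 8, 4, 2), (9, 9): (9, 9, 2, 2)}

# Upstream release form only: 9.x.y or 9.x.y-P<n>, with nothing trailing.
_RELEASE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?$")

# Constructed sample inventory (host -> `named -v` output); not real hosts.
SAMPLE = {
    "ns1.example": "BIND 9.8.4-P1",
    "ns2.example": "BIND 9.8.4-P2",
    "ns3.example": "BIND 9.9.2",
    "ns4.example": "BIND 9.7.3",
    "ns5.example": "BIND 9.6.2-P3",
    "ns6.example": "BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4",
}


def classify(version_line):
    """Return 'affected', 'fixed', 'not-affected' or 'unknown' for one line."""
    words = version_line.split()
    token = next((w for w in words if w[0].isdigit()), "")
    match = _RELEASE.match(token)
    if not match:
        return "unknown"  # pre-release, vendor build or unparsable string
    ver = tuple(int(g or 0) for g in match.groups())
    if ver[0] != 9:
        return "unknown"
    if ver < FIRST_AFFECTED:
        return "not-affected"
    fixed = FIXED.get(ver[:2])
    if fixed is not None:
        return "affected" if ver < fixed else "fixed"
    if ver[:2] == (9, 7):
        return "affected"  # in range; the page names no fixed 9.7 release
    return "unknown"  # branch the page does not cover


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(line) for host, line in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:12} {status}")
```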

Comment 4 Jan Lieskovsky 2013-03-26 18:25:40 UTC
Created bind tracking bugs for this issue

Affects: fedora-all [bug 928032]

Comment 11 Huzaifa S. Sidhpurwala 2013-03-27 10:36:35 UTC
*** Bug 928011 has been marked as a duplicate of this bug. ***

Comment 16 errata-xmlrpc 2013-03-28 22:02:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:0690 https://rhn.redhat.com/errata/RHSA-2013-0690.html

Comment 17 errata-xmlrpc 2013-03-28 22:03:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0689 https://rhn.redhat.com/errata/RHSA-2013-0689.html

Comment 18 Nigel Horne 2013-04-01 14:58:29 UTC
Is there a URL to a set of diffs for this fix?

Comment 19 Adam Tkac 2013-04-02 12:50:18 UTC
(In reply to comment #18)
> Is there a URL to a set of diffs for this fix?

You can simply diff bind-9.8.4-P1 and bind-9.8.4-P2 upstream releases. This is the patch (please note that I stripped regeneration of configure script and some comments):

diff -urp bind-9.8.4-P1/config.h.in bind-9.8.4-P2/config.h.in
--- bind-9.8.4-P1/config.h.in   2012-10-26 06:52:55.000000000 +0200
+++ bind-9.8.4-P2/config.h.in   2013-03-06 17:57:05.000000000 +0100
@@ -286,9 +286,6 @@ int sigwait(const unsigned int *set, int
 /* Define if your OpenSSL version supports GOST. */
 #undef HAVE_OPENSSL_GOST

-/* Define to 1 if you have the <regex.h> header file. */
-#undef HAVE_REGEX_H
-
 /* Define to 1 if you have the `setegid' function. */
 #undef HAVE_SETEGID

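Review bot: dropping the HAVE_REGEX_H template entry (the three removed lines after HAVE_OPENSSL_GOST) means the generated config.h can no longer define that macro, so any code that tests HAVE_REGEX_H silently takes its non-regex path, and none of that code appears in this excerpt. Suggest naming the affected source files in the patch description and leaving a short comment in config.h.in or configure.in recording that the check was removed deliberately for CVE-2013-2266, so a later cleanup does not reintroduce it.
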
diff -urp bind-9.8.4-P1/configure.in bind-9.8.4-P2/configure.in
--- bind-9.8.4-P1/configure.in  2012-10-26 06:52:55.000000000 +0200
+++ bind-9.8.4-P2/configure.in  2013-03-06 17:57:05.000000000 +0100
@@ -298,7 +298,7 @@ esac

 AC_HEADER_STDC

-AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
+AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
 [$ac_includes_default
 #ifdef HAVE_SYS_PARAM_H
 # include <sys/param.h>
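
Review bot: the regex.h removal from AC_CHECK_HEADERS only reaches a build once configure is regenerated, and the comment above says the regenerated configure script was stripped from this excerpt, so applying these hunks alone to a 9.8.4-P1 tree leaves the shipped configure out of sync with configure.in (it still probes for regex.h). Anyone backporting from this excerpt should rerun autoconf and autoheader, or take the configure changes from the full P1 to P2 diff, and confirm HAVE_REGEX_H is absent from the generated config.h. The removal is also unconditional, with no configure switch to restore the check, which is worth stating in the release notes.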

Comment 20 Vincent Danen 2013-04-02 22:22:50 UTC
External References:

https://kb.isc.org/article/AA-00871
https://kb.isc.org/article/AA-00879

Comment 21 Tomas Hoger 2013-04-03 08:22:36 UTC
Statement:

This issue did not affect the versions of bind package as shipped with Red Hat Enterprise Linux 3, 4, and 5. This issue was corrected in bind97 packages in Red Hat Enterprise Linux 5 and bind packages in Red Hat Enterprise Linux 6.

Comment 22 Fedora Update System 2013-04-05 23:08:15 UTC
bind-9.9.2-10.P2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 23 Fedora Update System 2013-04-07 00:24:44 UTC
bind-9.9.2-7.P2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
