Bug 970905 - (CVE-2013-3919) CVE-2013-3919 bind: Querying a recursive resolver for a malformed zone causes named to crash
CVE-2013-3919 bind: Querying a recursive resolver for a malformed zone causes...
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20130604,repo...
: Security
Depends On:
Blocks: 970911
  Show dependency treegraph
 
Reported: 2013-06-05 03:57 EDT by Huzaifa S. Sidhpurwala
Modified: 2013-06-05 11:24 EDT (History)
3 users (show)

See Also:
Fixed In Version: bind 9.9.3-P1, bind 9.8.5-P1, bind 9.6-ESV-R9-P1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-06-05 05:39:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
diff of bind-9.6-ESV-R9-P1 and bind-9.6-ESV-R9 (2.71 KB, patch)
2013-06-05 04:00 EDT, Huzaifa S. Sidhpurwala
no flags Details | Diff

  None (edit)
Description Huzaifa S. Sidhpurwala 2013-06-05 03:57:33 EDT
A flaw in ISC BIND was reported [1] where a recursive nameserver could be caused to crash if it recieved a query for a record in a specially malformed zone. A remote attacker could use this flaw to remotely exploit (Denial of Service) a recursive nameserver, by sending a query for a malformed zone, which could cause BIND to exit with a fatal "RUNTIME_CHECK" error in resolver.c

[1] https://kb.isc.org/article/AA-00967

Affected versions: BIND 9.6-ESV-R9, 9.8.5, and 9.9.3 are affected

Note:
Versions 9.6.0 through 9.6-ESV-R8, 9.8.0 through 9.8.4-P2, and 9.9.0 through 9.9.2-P2 ARE NOT affected. Also other major branches of BIND (e.g. 9.7, 9.5, etc) are NOT vulnerable to this flaw.
Comment 1 Huzaifa S. Sidhpurwala 2013-06-05 04:00:27 EDT
Created attachment 757073 [details]
diff of bind-9.6-ESV-R9-P1 and bind-9.6-ESV-R9
Comment 2 Huzaifa S. Sidhpurwala 2013-06-05 04:13:18 EDT
Statement:

Not Vulnerable. This issue does not affect the version of bind as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of bind97 as shipped with Red Hat Enterprise Linux 5.
Comment 3 Huzaifa S. Sidhpurwala 2013-06-05 04:26:16 EDT
Fedora 17 ships bind-9.9.2-7.P2.fc17 and Fedora 18 ships bind-9.9.2-10.P2.fc18, and therefore are not affected by this issue.

However the update candidates for bind are affected:

https://admin.fedoraproject.org/updates/dhcp-4.2.5-2.fc17,dnsperf-2.0.0.0-3.fc17,bind-dyndb-ldap-2.5-2.fc17,bind-9.9.3-2.fc17
https://admin.fedoraproject.org/updates/bind-dyndb-ldap-2.6-2.fc18,dnsperf-2.0.0.0-4.fc18,dhcp-4.2.5-12.fc18,bind-9.9.3-2.fc18
https://admin.fedoraproject.org/updates/FEDORA-2013-9984/bind-9.9.3-2.fc19

Please schedule an update to replace these builds with the fixed versions.

Note You need to log in before you can comment on or make changes to this bug.