1108544 – (CVE-2014-3859) CVE-2014-3859 bind: assertion failure during EDNS option processing

Bug 1108544 (CVE-2014-3859) - CVE-2014-3859 bind: assertion failure during EDNS option processing

Summary: CVE-2014-3859 bind: assertion failure during EDNS option processing

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2014-3859
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-06-12 08:27 UTC by Murray McAllister
Modified:	2021-02-17 06:29 UTC (History)
CC List:	4 users (show)
Fixed In Version:	bind 9.10.0-P2
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-06-12 08:35:11 UTC
Embargoed:

Attachments	(Terms of Use)

Description Murray McAllister 2014-06-12 08:27:25 UTC

A flaw in the EDNS option processing could cause named to crash with an assertion failure when processing specially-crafted queries.

This issue only affected BIND versions 9.10.0 and 9.10.0-P1. This version is not shipped in any Red Hat products or in Fedora.

External References:

https://kb.isc.org/article/AA-01166

Comment 2 Murray McAllister 2014-06-12 08:30:52 UTC

Statement:

Not vulnerable. This issue did not affect the versions of bind or bind97 as shipped with Red Hat Enterprise Linux 5, 6, and 7.

Comment 4 Murray McAllister 2014-06-12 08:34:45 UTC

This issue (or some of it) was fixed with the following:

lib/dns/message.c
@@ -3359,6 +3360,8 @@
 				 * version
 				 */
 				ADD_STRING(target, "(\"");
+				if (isc_buffer_availablelength(target) < optlen)
+					return (ISC_R_NOSPACE);
 				for (i = 0; i < optlen; i++) {
 					if (isprint(optdata[i]))
 						isc_buffer_putmem(target,

Note You need to log in before you can comment on or make changes to this bug.