1171919 – (CVE-2014-8680) CVE-2014-8680 bind: flaws in GeoIP leading to a denial of service

Bug 1171919 (CVE-2014-8680) - CVE-2014-8680 bind: flaws in GeoIP leading to a denial of service

Summary: CVE-2014-8680 bind: flaws in GeoIP leading to a denial of service

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2014-8680
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-12-09 00:04 UTC by Murray McAllister
Modified:	2021-12-10 14:27 UTC (History)
CC List:	7 users (show)
Fixed In Version:	bind 9.10.1-P1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-12-09 00:05:58 UTC
Embargoed:

Attachments	(Terms of Use)

Description Murray McAllister 2014-12-09 00:04:46 UTC

BIND 9.10.1-P1 fixes the following flaws:

""
Multiple errors have been identified in the GeoIP features added in BIND 9.10.  Two are capable of crashing BIND -- triggering either can cause named to exit with an assertion failure, resulting in a denial of service condition.  A third defect is also corrected, which could have caused GeoIP databases to not be loaded properly if their location was changed while BIND was running.

Only servers built to include GeoIP functionality are affected.
""

The affected versions (9.10.0 to 9.10.1) are not shipped in Red Hat Enterprise Linux or Fedora.

External References:

https://kb.isc.org/article/AA-01217/74/CVE-2014-8680%3A-Defects-in-GeoIP-features-can-cause-BIND-to-crash.html

Comment 1 Murray McAllister 2014-12-09 00:05:14 UTC

Statement:

Not vulnerable. This issue did not affect the versions of bind or bind97 as shipped with Red Hat Enterprise Linux 5, 6, and 7.

Note You need to log in before you can comment on or make changes to this bug.