2064513 – (CVE-2022-0396) CVE-2022-0396 bind: DoS from specifically crafted TCP packets

Bug 2064513 (CVE-2022-0396) - CVE-2022-0396 bind: DoS from specifically crafted TCP packets

Summary: CVE-2022-0396 bind: DoS from specifically crafted TCP packets

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-0396
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2068478 2068487 2068488
Blocks:	2064517
TreeView+	depends on / blocked

Reported:	2022-03-16 04:42 UTC by TEJ RATHI
Modified:	2022-12-06 02:20 UTC (History)
CC List:	13 users (show)
Fixed In Version:	bind 9.16.27, bind 9.18.1
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Bind that incorrectly handles certain crafted TCP streams. The vulnerability allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This flaw allows a remote attacker to send specially crafted TCP streams with 'keep-response-order' enabled that could cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period, even after the client has terminated the connection. This issue results in BIND consuming resources, leading to a denial of service.
Clone Of:
Environment:
Last Closed:	2022-12-06 02:20:51 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Internet Systems Consortium (ISC)	isc-projects bind9 merge_requests 5987	None	None	None	2022-03-25 19:41:20 UTC
Red Hat Product Errata	RHSA-2022:7643	None	None	None	2022-11-08 09:59:26 UTC
Red Hat Product Errata	RHSA-2022:8068	None	None	None	2022-11-15 10:09:12 UTC

Description TEJ RATHI 2022-03-16 04:42:11 UTC

ISC recently discovered an issue in BIND that allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This issue is present in BIND 9.16.11 to 9.16.26 (including S editions), and 9.18.0.

This issue can only be triggered on BIND servers which have keep-response-order enabled, which is not the default configuration. The keep-response-order option is an ACL block, and as such, any hosts specified within it will be able to trigger this issue on affected.

Comment 1 Petr Menšík 2022-03-17 10:35:00 UTC

bind package in RHEL9 and bind9.16 package in RHEL8 is affected. Of course also Fedora 34-37 is affected too

Comment 3 TEJ RATHI 2022-03-25 12:51:23 UTC

Created bind tracking bugs for this issue:

Affects: fedora-all [bug 2068478]

Comment 7 errata-xmlrpc 2022-11-08 09:59:24 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7643 https://access.redhat.com/errata/RHSA-2022:7643

Comment 8 errata-xmlrpc 2022-11-15 10:09:10 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8068 https://access.redhat.com/errata/RHSA-2022:8068

Comment 9 Product Security DevOps Team 2022-12-06 02:20:49 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-0396

Note You need to log in before you can comment on or make changes to this bug.