Bug 2064513 (CVE-2022-0396) - CVE-2022-0396 bind: DoS from specifically crafted TCP packets
Summary: CVE-2022-0396 bind: DoS from specifically crafted TCP packets
Keywords:
Status: NEW
Alias: CVE-2022-0396
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2068487 2068488 2068478
Blocks: 2064517
TreeView+ depends on / blocked
 
Reported: 2022-03-16 04:42 UTC by TEJ RATHI
Modified: 2022-08-06 01:29 UTC (History)
13 users (show)

Fixed In Version: bind 9.16.27, bind 9.18.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Bind that incorrectly handles certain crafted TCP streams. The vulnerability allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This flaw allows a remote attacker to send specially crafted TCP streams with 'keep-response-order' enabled that could cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period, even after the client has terminated the connection. This issue results in BIND consuming resources, leading to a denial of service.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Internet Systems Consortium (ISC) isc-projects bind9 merge_requests 5987 0 None None None 2022-03-25 19:41:20 UTC

Description TEJ RATHI 2022-03-16 04:42:11 UTC
ISC recently discovered an issue in BIND that allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This issue is present in BIND 9.16.11 to 9.16.26 (including S editions), and 9.18.0.

This issue can only be triggered on BIND servers which have keep-response-order enabled, which is not the default configuration. The keep-response-order option is an ACL block, and as such, any hosts specified within it will be able to trigger this issue on affected.

Comment 1 Petr Menšík 2022-03-17 10:35:00 UTC
bind package in RHEL9 and bind9.16 package in RHEL8 is affected. Of course also Fedora 34-37 is affected too

Comment 3 TEJ RATHI 2022-03-25 12:51:23 UTC
Created bind tracking bugs for this issue:

Affects: fedora-all [bug 2068478]


Note You need to log in before you can comment on or make changes to this bug.