Bug 2064515 (CVE-2022-0667) - CVE-2022-0667 bind: When chasing DS records, a timed-out or artificially delayed fetch could cause 'named' to crash while resuming a DS lookup
Summary: CVE-2022-0667 bind: When chasing DS records, a timed-out or artificially dela...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-0667
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2064517
TreeView+ depends on / blocked
 
Reported: 2022-03-16 04:42 UTC by TEJ RATHI
Modified: 2022-07-07 16:25 UTC (History)
11 users (show)

Fixed In Version: bind 9.18.1
Doc Type: If docs needed, set a value
Doc Text:
An assertion check flaw was found in BIND, with a refactoration of recursive client code that introduced a "backstop lifetime timer." While BIND processes a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. As a result of this timeout, the resume_dslookup() function is called, which does not test whether the fetch has shut down previously. This issue triggers an assertion failure, which could cause the BIND process to terminate.
Clone Of:
Environment:
Last Closed: 2022-04-06 11:27:32 UTC


Attachments (Terms of Use)

Description TEJ RATHI 2022-03-16 04:42:17 UTC
In BIND 9.18.0 the recursive client code was refactored. This refactoring introduced a "backstop lifetime timer."

While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate.

Only the BIND 9.18 branch is affected.

Comment 1 Petr Menšík 2022-03-17 10:41:30 UTC
BIND 9.18.0 were not yet released even on Fedora Rawhide, because bind-dyndb-ldap part of freeipa would be broken by that. It should be part of Fedora 37 starting with 9.18.1, where this issue would be fixed. Bug #2057493 is used as readiness tracker.

Comment 4 Product Security DevOps Team 2022-04-06 11:27:30 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-0667


Note You need to log in before you can comment on or make changes to this bug.