2216228 – (CVE-2023-2911) CVE-2023-2911 bind: Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0

Bug 2216228 (CVE-2023-2911) - CVE-2023-2911 bind: Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0

Summary: CVE-2023-2911 bind: Exceeding the recursive-clients quota may cause named to ...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2023-2911
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:	https://kb.isc.org/docs/cve-2023-2911
Whiteboard:
Duplicates (1):	DUPLICATE-CVE-2023-2911 (view as bug list)
Depends On:	2216233 2216234 2216235 2216237 2216238 2216239 2216240 2216241 2216630 2216631
Blocks:	2216252
TreeView+	depends on / blocked

Reported:	2023-06-20 14:34 UTC by TEJ RATHI
Modified:	2023-06-28 17:40 UTC (History)
CC List:	5 users (show)
Fixed In Version:	bind 9.16.42, bind 9.18.16
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in BIND. This security flaw occurs when the recursive-clients quota is reached on a BIND 9 resolver configured with stale-answer-enable yes; and stale-answer-client-timeout 0;. A sequence of serve-stale-related lookups could cause named to loop and terminate unexpectedly due to a stack overflow.
Clone Of:
Environment:
Last Closed:	2023-06-28 17:40:03 UTC
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2023-06-20 14:34:22 UTC

If the recursive-clients quota is reached on a BIND 9 resolver configured with both stale-answer-enable yes; and stale-answer-client-timeout 0;, a sequence of serve-stale-related lookups could cause named to loop and terminate unexpectedly due to a stack overflow. By sending specific queries to the resolver, an attacker can cause named to terminate unexpectedly.

Comment 5 Petr Menšík 2023-06-21 22:00:35 UTC

Upstream article: https://kb.isc.org/docs/cve-2023-2911

Comment 6 Anten Skrabec 2023-06-21 22:27:07 UTC

*** Bug 2216576 has been marked as a duplicate of this bug. ***

Comment 7 Sandipan Roy 2023-06-22 06:05:21 UTC

Created bind tracking bugs for this issue:

Affects: fedora-all [bug 2216630]


Created dhcp tracking bugs for this issue:

Affects: fedora-all [bug 2216631]

Comment 8 Petr Menšík 2023-06-26 09:34:07 UTC

Default value used unless specified in configuration is stale-answer-client-timeout off;

Unless stale-answer-client-timeout 0; and stale-answer-enable on; is present somewhere in the configuration, the fix should not be needed.
Recommended value is around 1800 (miliseconds).

Comment 10 Product Security DevOps Team 2023-06-28 17:40:00 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-2911

Note You need to log in before you can comment on or make changes to this bug.