163692 2007-01-25 01:43 0000 net-dns/bind: DNSSEC error and dereferencing freed fetch context (CVE-2007-049[34]) 2007-02-18 00:27:09 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED A/B3 [glsa] P2 normal --- 1 rajiv@gentoo.org security@gentoo.org bind@gentoo.org gengor@gentoo.org mips@gentoo.org podge@podgeweb.com sgtphou@fire-eyes.org voxus@gentoo.org rajiv@gentoo.org 2007-01-25 01:43:59 0000 From: Mark_Andrews@isc.org Subject: Internet Systems Consortium Security Advisory. Date: January 24, 2007 7:23:26 PM EST To: bind-announce@isc.org Internet Systems Consortium Security Advisory. BIND 9: dereferencing freed fetch context 12 January 2007 Versions affected: BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3 BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1 BIND 9.5.0a1 (Bind Forum only) Severity: Low Exploitable: Remotely Description: It is possible for the named to dereference (read) a freed fetch context. This can cause named to exit unintentionally. Workaround: Disable / restrict recursion (to limit exposure). Fix: Upgrade to BIND 9.2.8, BIND 9.3.4 or BIND 9.4.0rc2. Additionally this will be fixed in the upcoming BIND 9.5.0a2. Revision History: vorlon@gentoo.org 2007-01-26 14:11:38 0000 pls provide updated ebuilds this has been fixed in 9.3.4 and 9.2.8 keith@email.arizona.edu 2007-01-30 17:31:42 0000 CVE-2007-0494 mjolnir@gentoo.org 2007-02-06 03:07:16 0000 bind and bind/tools 9.2.8, 9.3.4 and 9.4.0_rc2 have been committed to the tree. falco@gentoo.org 2007-02-06 12:50:10 0000 (In reply to comment #3) > bind and bind/tools 9.2.8, 9.3.4 and 9.4.0_rc2 have been committed to the tree. > Thanks Martin. Hi arches, please test and mark stable when appropriate, thanks. Target keywords are bind-9.2.8 and bind-9.3.4 gustavoz@gentoo.org 2007-02-06 13:12:17 0000 9.3.4 wants idnkit but idnkit blocks <9.4... coffee someone? gustavoz@gentoo.org 2007-02-06 13:15:03 0000 Oh btw, same for 9.2.8. voxus@gentoo.org 2007-02-06 16:31:30 0000 my fault, wrong idnkit's block fixed. armin76@gentoo.org 2007-02-06 21:12:06 0000 x86 stable jer@gentoo.org 2007-02-07 05:37:47 0000 Stable for HPPA. voxus@gentoo.org 2007-02-07 13:21:21 0000 bind-tools must be in sync with bind. i.e. stabilize 'em too, please. gustavoz@gentoo.org 2007-02-07 13:27:53 0000 sparc stable. armin76@gentoo.org 2007-02-07 13:31:17 0000 x86 stable gustavoz@gentoo.org 2007-02-07 13:57:09 0000 ohhh someone's not gonna like me... 9.3.4 it still breaks on hardened-x86: grsec: From xxx.xxx.xxx.xxx: signal 6 sent to /usr/sbin/named[named:11336] uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/named[named:852] uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 jer@gentoo.org 2007-02-07 15:03:14 0000 net-dns/bind-tools-9.3.4 marked stable for HPPA. podge@podgeweb.com 2007-02-08 02:59:24 0000 (In reply to comment #13) > ohhh someone's not gonna like me... 9.3.4 it still breaks on hardened-x86: > > grsec: From xxx.xxx.xxx.xxx: signal 6 sent to /usr/sbin/named[named:11336] > uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 > gid/egid:0/0 by /usr/sbin/named[named:852] uid/euid:40/40 gid/egid:40/40, > parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 > Same behavior here on hardened-x86: grsec: From XXX.XXX.XXX.XXX: signal 6 sent to /usr/sbin/named[named:22469] uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/named[named:10807] uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 Will happen within a few seconds of named reporting in the logs that is has finished starting up and is running. mjolnir@gentoo.org 2007-02-08 03:12:57 0000 I suggest we mask bind for hardened arches only. Is named the only program that reports a problem? (i.e. do we need to mask bind-tools too or just bind)? dertobi123@gentoo.org 2007-02-08 06:01:34 0000 ppc stable yoswink@gentoo.org 2007-02-10 20:17:16 0000 alpha stable falco@gentoo.org 2007-02-10 21:13:14 0000 *** Bug 163691 has been marked as a duplicate of this bug. *** cryos@gentoo.org 2007-02-13 01:46:42 0000 Stable on amd64. corsair@gentoo.org 2007-02-13 10:08:55 0000 ppc64 stable falco@gentoo.org 2007-02-13 10:32:51 0000 It's an old and well-known bind issue. I vote Yes for a GLSA. taviso@gentoo.org 2007-02-13 11:16:14 0000 also vote YES. kloeri@gentoo.org 2007-02-14 15:59:39 0000 IA64 done. falco@gentoo.org 2007-02-16 09:06:58 0000 let's have a GLSA then sgtphou@fire-eyes.org 2007-02-17 22:59:51 0000 I'm hearing from a few people about problems on hardened on amd64 and x86, also mentioned in comment #15 and comment #16 , fyi. sgtphou@fire-eyes.org 2007-02-17 23:05:22 0000 In addition, this bug is related (I found that out after i posted last comment, appologies for spam) bug #158664 falco@gentoo.org 2007-02-18 00:27:09 0000 GLSA 200702-06, see bug 158664 for hardened-related issues