Bug 158217 - net-dns/bind <9.3.3 : multiple remote DoS vulnerabilities
Bug#: 158217
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: INVALID
Assigned To: security@gentoo.org
Reported By: alex@ghisoli.ch
Component: Vulnerabilities
URL: http://www.isc.org/sw/bind/view?release=9.3.3
Summary: net-dns/bind <9.3.3 : multiple remote DoS vulnerabilities
Keywords:
Status Whiteboard: A3 [] Falco
Opened: 2006-12-15 07:35 0000
*** Bug 158216 has been marked as a duplicate of this bug. ***
Thanks Jakub.
Hi Konstantin, this is a version bump request for you.
Thanks Konstantin.
Hi arches, please test bind-9.3.3 and mark it stable if appropriate.
arches, you may also want to test & stabilize bind-9.2.7 since it corrects
another vulnerability in the 9.2.x branch: see bug 131337
Both versions stable on x86
x86: bind-tools must be in sync with bind.
bind{,-tools}-9.{2.7,3.3} amd64 stable.
Sec team,
after having looked deeply into the announcements, I think that the
corrected vulnerabilities are old ones, which have already been corrected by
patches in bind-9.3.2-r4 and bind-9.2.6-r4 ... except CVE-2006-2073 (TSIG DoS).
But it is unclear which version fixes that TSIG DoS. It is possible that
this vulnerability is not fixed yet. In that case, since the CVEs mentioned on
[1] and [2] are:
CVE-2006-4095
CVE-2006-4096
CAN-2005-0034
that would mean this bug is Invalid, because these three CVEs have already
been fixed by patches (9.3.2-r4 and 9.2.6-r4).
Your opinion?
[1] http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.7
[2] http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.3
You can sort it out between yourselves... x86 is stable anyway, with bind-tools
too now.
bind-9.3.3 dies miserably on startup on my x86 hardened system:
loki ~ # named -n 2 -u named -f
named: stack smashing attack in function query_find()
Aborted (core dumped)
Portage 2.1.1-r2 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5,
2.6.17-hardened-r1 i686)
=================================================================
System uname: 2.6.17-hardened-r1 i686 Intel(R) Xeon(TM) CPU 2.66GHz
Gentoo Base System version 1.12.6
Last Sync: Mon, 18 Dec 2006 11:30:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python: 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.60
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium3 -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=pentium3 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer parallel-fetch sandbox sfperms
strict userpriv usersandbox"
GENTOO_MIRRORS="http://gentoo.osuosl.org http://distfiles.gentoo.org"
LC_ALL="en_US.utf8"
MAKEOPTS="-j5"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://localhost/gentoo-portage"
USE="a52 aac aalib acl apache2 bash-completion bcmath berkdb bzip2 caps cli
cracklib crypt ctype cups curl dba dlloader ecc elibc_glibc encode exif
extensions flash foomaticdb ftp gd gdbm gif gmp hardened hash hpn iconv idea
idn imap imlib innodb input_devices_keyboard input_devices_mouse ipv6 jpeg
jpeg2k kernel_linux lcms ldap libclamav mailwrapper mcal mhash milter ming mmx
mpm-worker mysql mysqli ncurses network nls nptl oav ogg oscar pam pcre pear
perl pic plotutils png ppds readline rle samba sasl session slp snmp spell spf
sse ssl tcpd theora threads tiff tokenizer tools truetype unicode userland_GNU
userlocales vhosts vorbis x86 xml xml2 xorg xsl xvid zip zlib"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, LINGUAS,
PORTAGE_RSYNC_EXTRA_OPTS
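What the "stack smashing attack in function query_find()" line in the report above means, as an added illustration that is not code from this bug, from BIND or from Gentoo: the ProPolice/SSP stack protector in the hardened gcc places a guard word between a function's local buffers and its saved frame data and aborts with that message before returning if the guard has changed. The C below models that check in plain code with a fixed guard value (an assumption; a real build picks a random one at process start) and constructed inputs; the unchecked copy is the pattern that trips the check, and the bounded copy beside it is the form that does not. It shows only how the detection works, not why query_find() in 9.3.3 trips it, which this bug leaves open.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed guard value. A real SSP/ProPolice build picks a random
 * guard at process start; this fixed value is an assumption for the demo. */
#define GUARD_VALUE 0xC0DEFACEu

/* Stand-in for a stack frame as the compiler lays it out with
 * -fstack-protector: the local buffer sits below the guard word, so a
 * write that runs off the end of buf clobbers the guard first. */
struct frame {
    char     buf[16];
    uint32_t guard;
};

/* Unchecked copy, the pattern SSP is designed to catch. Returns 1 when the
 * guard survives, 0 when it was overwritten, i.e. the state in which
 * ProPolice would abort with "stack smashing attack in function ...". */
int unchecked_copy(const char *src, size_t len)
{
    struct frame f;
    f.guard = GUARD_VALUE;
    if (len > sizeof f)          /* keep the write inside the object so the */
        len = sizeof f;          /* demo itself stays defined behaviour     */
    memcpy(&f, src, len);        /* overruns buf into guard when len > 16    */
    return f.guard == GUARD_VALUE;
}

/* Bounded variant: never writes past buf, so the guard is never touched. */
int bounded_copy(const char *src, size_t len)
{
    struct frame f;
    f.guard = GUARD_VALUE;
    if (len > sizeof f.buf - 1)
        len = sizeof f.buf - 1;  /* truncate, leave room for the NUL */
    memcpy(f.buf, src, len);
    f.buf[len] = '\0';
    return f.guard == GUARD_VALUE;
}

int main(void)
{
    /* Constructed inputs: a short name and an over-long one. */
    const char *ok  = "example.net";
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    printf("unchecked short: guard intact = %d\n", unchecked_copy(ok, strlen(ok)));
    printf("unchecked long : guard intact = %d\n", unchecked_copy(bad, strlen(bad)));
    printf("bounded long   : guard intact = %d\n", bounded_copy(bad, strlen(bad)));
    return 0;
}
```

The real protector does the same comparison in the function epilogue and calls the abort path instead of returning a flag; the point of the demo is that the message names the function whose frame was overrun, not the code that supplied the over-long data.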
gustavoz: yep, reproducible.
cc'ing hardened.
==
Portage 2.1.1-r2 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5,
2.6.17-hardened-r1 i686)
=================================================================
System uname: 2.6.17-hardened-r1 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz
Gentoo Base System version 1.12.6
Last Sync: Mon, 18 Dec 2006 11:00:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python: 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: 2.3
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.60
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-mtune=pentium4 -march=pentium4 -Os -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -mcpu=i386 -pipe -fforce-addr"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks metadata-transfer prelink sandbox sfperms
strict"
GENTOO_MIRRORS="http://gentoo.shadanakar.org/ http://distfiles.gentoo.org/"
MAKEOPTS="-j3"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/opt/overlay"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="bash-completion bzip2 dlloader elibc_glibc hardened input_devices_keyboard
input_devices_mouse kernel_linux logrotate nptl nptlonly offensive pam pic
readline ssl threads unicode userland_GNU userlocales vhosts x86 xorg zlib"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS
sparc stable - i'll stay around for the x86-hardened one.
Confirmed the problem on a hardened kernel (hardened-sources-2.6.19-r1) with grsec
enabled (all RBAC policies disabled):
Dec 18 09:33:45 xwing grsec: From 192.168.14.10: signal 6 sent to
/usr/sbin/named[named:28981] uid/euid:40/40 gid/egid:40/40, parent
/sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/named[named:625]
uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0
gid/egid:0/0
Dec 18 09:33:45 xwing grsec: From 192.168.14.10: denied resource overstep by
requesting 4096 for RLIMIT_CORE against limit 0 for
/usr/sbin/named[named:28981] uid/euid:40/40 gid/egid:40/40, parent
/sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
9.3.3 is EXTREMELY unstable locally on a hardened x86 box; just masked it.
I do have core files here from it, but no idea how to actually backtrace them, though; if
anyone wants them or wants me to do something with them, just tell me what.
bind runs in a chroot.
Portage 2.1.1-r2 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5,
2.6.19-hardened-r1 i686)
=================================================================
System uname: 2.6.19-hardened-r1 i686 AMD Athlon(tm) XP 2400+
Gentoo Base System version 1.12.6
Last Sync: Tue, 19 Dec 2006 01:47:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python: 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.60
sys-devel/automake: 1.5, 1.6.3, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-Os -march=athlon-xp -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind /var/qmail/alias /var/qmail/control
/var/vpopmail/domains /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-Os -march=athlon-xp -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://ftp.iinet.net.au/linux/Gentoo/
http://gentoo.osuosl.org/"
LDFLAGS="-Wl,-O1 -Wl,--enable-new-dtags -Wl,--sort-common"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/local/overlays/qmr-portage
/usr/portage/local/layman/php-testing
/usr/portage/local/layman/php-experimental
/usr/portage/local/layman/postgresql-testing /usr/portage/local/layman/xeffects
/usr/portage/local/layman/xeffects-experimental"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="apache2 authdaemond bash-completion berkdb crypt dlloader elibc_glibc fam
graphviz hardened idea imap input_devices_keyboard input_devices_mouse ithreads
jpeg jpeg2k kernel_linux logrotate maildir nptl nptlonly pam pic rc5 readline
ssl tcpd threads urandom userland_GNU userlocales valias vhosts x86 xorg zlib"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS,
MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS
Portage 2.1.1-r2 (default-linux/amd64/2006.1, gcc-3.4.6, glibc-2.3.6-r4,
2.6.17.13 x86_64)
=================================================================
System uname: 2.6.17.13 x86_64 AMD Opteron(tm) Processor 246
Gentoo Base System version 1.12.6
Last Sync: Tue, 19 Dec 2006 17:30:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python: 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.60
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/etc/portage/rsync_excludes"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X509 accessibility acl acpi adns aim amd64 apache2 apm berkdb bitmap-fonts
bzlib calendar chroot cli cracklib crypt cscope ctype cups curl curlwrappers
dba dbm dbx dedicated dio dlloader dri elibc_glibc erandom exif fam fastcgi
fftw flatfile foomaticdb fortran freedts ftp gd gdbm gif gps hardened imap
imlib inifile innodb input_devices_evdev input_devices_keyboard
input_devices_mouse ipv6 isdnlog ithreads jabber jikes jpeg justify kerberos
kernel_linux libedit libwww maildir mailwrapper mbox mcal mcve memlimit mhash
mime ming mmap mng msession mysql mysqli ncurses nis nls nocardbus nptl
nptlonly odbc offensive pam pcntl pcre pdflib perl php pic pie png posix pppd
prelude pwdb python readline recode reflection sasl session sftplogging
simplexml skey snmp sockets spell spl ssl sysvipc szip tcpd threads tidy tiff
tokensizer truetype-fonts type1-fonts udev unicode usb userland_GNU vhosts
video_cards_apm video_cards_ark video_cards_ati video_cards_chips
video_cards_cirrus video_cards_cyrix video_cards_dummy video_cards_fbdev
video_cards_glint video_cards_i128 video_cards_i810 video_cards_mga
video_cards_neomagic video_cards_nv video_cards_rendition video_cards_s3
video_cards_s3virge video_cards_savage video_cards_siliconmotion
video_cards_sis video_cards_sisusb video_cards_tdfx video_cards_tga
video_cards_trident video_cards_tseng video_cards_v4l video_cards_vesa
video_cards_vga video_cards_via video_cards_vmware video_cards_voodoo wmf xml
xml-rpc xml2 xorg xsl zeo zlib"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
LINGUAS, MAKEOPTS
Yesterday I tried to upgrade to bind 9.3.3:
[ebuild U ] net-dns/bind-9.3.3 [9.3.2-r4] USE="berkdb idn ipv6 mysql odbc
ssl threads -dlz -doc -ldap -postgres -resolvconf% (-selinux)" 0 kB
After the upgrade I restarted named, but after a few seconds it crashed without any
errors in my daemon logs.
Version 9.3.2-r4 works great.
ppc stable, nixnut tested on hardened/ppc and couldn't reproduce any errors.
Wrt comment #10, I think we should mask bind-9.3.3 until the stability issues are
sorted out.
?
So I'm going to mask bind/bind-tools 9.2.7/9.3.3 tomorrow, 22-12-2006, since
there are no objections against it.
(In reply to comment #22)
> So I'm going to mask bind/bind-tools 9.2.7/9.3.3 tomorrow, 22-12-2006, since
> there are no objections against it.
>
As you want.
I think there is no security issue in the portage tree that is fixed by these
versions. I'll close this bug as Invalid unless someone disagrees here.
bind{,-tools}-9.{2.7,3.3} masked.
Well, I have the same problem: bind-9.3.3 was only capable of answering the
first request for a local domain; after answering it died with "named: stack
smashing attack in function query_find()". I reported it in bug 158664 comment
#8; you have to run named from the command line in order to see the error.
I think the problem could be in the -O flag of gcc: I was able to run bind-9.3.3
stably by downgrading from -O2 to just -O.
I'm using bind chrooted on a hardened amd64.
Closing as Invalid since 9.3.3 brings no security fix; please follow bug 158664
if you are concerned about the 9.3.3 stack smashing issues.
Feel free to reopen if you disagree.