Bug 402661 (CVE-2012-1033) - <net-dns/bind-9.8.3_p1 : Deleted Domain Name Resolving Vulnerability (CVE-2012-1033)
Status: RESOLVED FIXED
Alias: CVE-2012-1033
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://secunia.com/advisories/47884/
Whiteboard: B3 [glsa]
Reported: 2012-02-08 11:23 UTC by Agostino Sarubbo
Modified: 2012-09-24 00:30 UTC

Description Agostino Sarubbo gentoo-dev 2012-02-08 11:23:37 UTC
From the Secunia security advisory at $URL:

Description:
The vulnerability is caused due to an error within the cache update policy, which does not properly handle revoked domain names. This can be exploited to keep the domain name resolvable after being deleted from registration.

The vulnerability is reported in all 9.x versions.


Solution:
Unpatched

Original Advisory
https://www.isc.org/software/bind/advisories/cve-2012-1033
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-02-20 05:13:08 UTC
CVE-2012-1033 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1033):
  The resolver in ISC BIND 9 through 9.8.1-P1 does not properly implement a
  cache update policy, which allows remote attackers to trigger continued
  resolvability of domain names that are no longer registered via an
  unspecified "Ghost Names exploit."
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2012-08-20 00:06:01 UTC
From the upstream advisory [1]:

"**Delayed Update of 29 May --

The following releases, 9.6-ESV-R6, 9.7.5, 9.8.2, 9.9.0, and subsequent releases have changes to address this issue:

3282. [bug] Restrict the TTL of NS RRset to no more than that
of the old NS RRset when replacing it.
[RT #27792] [RT #27884]**"


Adding to existing GLSA draft with 427966. If there are any objections, feel free to delete from the draft.

[1] https://www.isc.org/software/bind/advisories/cve-2012-1033
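
The effect of change 3282 quoted in Comment 2, as an added illustration that is not part of the bug report or of BIND's source: a toy delegation cache in which a replacement NS RRset either gets a fresh TTL or is capped at the expiry of the RRset it replaces. The class and function names, the zone name and the timings are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class NSEntry:
    servers: frozenset  # NS target names
    expires: int        # absolute expiry time in seconds


class DelegationCache:
    """Toy model of cached NS RRsets; hypothetical, not BIND's data structures."""

    def __init__(self, clamp_ttl):
        self.clamp_ttl = clamp_ttl  # True models the rule in change 3282
        self.entries = {}

    def lookup(self, zone, now):
        entry = self.entries.get(zone)
        if entry is None or now >= entry.expires:
            self.entries.pop(zone, None)  # aged out: next query starts at the parent
            return None
        return entry

    def store_ns(self, zone, servers, ttl, now):
        old = self.lookup(zone, now)
        expires = now + ttl
        if old is not None and self.clamp_ttl:
            # A replacement NS RRset may not outlive the one it replaces.
            expires = min(expires, old.expires)
        self.entries[zone] = NSEntry(frozenset(servers), expires)
        return expires


def delegation_lifetime(clamp_ttl, ttl=3600, refresh_every=3000, refreshes=5):
    """Time at which the cached delegation finally expires when a replacement
    NS RRset with a full TTL arrives every refresh_every seconds (constructed)."""
    cache = DelegationCache(clamp_ttl)
    zone = "example.test."
    last_expiry = cache.store_ns(zone, {"ns0.example.test."}, ttl, now=0)
    for i in range(1, refreshes + 1):
        now = i * refresh_every
        if cache.lookup(zone, now) is None:
            break  # entry expired, so the parent zone is consulted again
        last_expiry = cache.store_ns(zone, {f"ns{i}.example.test."}, ttl, now)
    return last_expiry


if __name__ == "__main__":
    print("without clamp:", delegation_lifetime(False))
    print("with clamp:   ", delegation_lifetime(True))
```

Without the cap the entry never ages out while replacements keep arriving, so the resolver never goes back to the parent zone to see that the delegation is gone; with the cap it expires on the original schedule.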
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-09-24 00:30:43 UTC
This issue was resolved and addressed in GLSA 201209-04 at http://security.gentoo.org/glsa/glsa-201209-04.xml by GLSA coordinator Sean Amoss (ackle).