Description: This problem was uncovered while testing with experimental DNS record types. It is possible to add records to BIND with null (zero length) rdata fields. Processing of these records may lead to unexpected outcomes. Recursive servers may crash or disclose some portion of memory to the client. Secondary servers may crash on restart after transferring a zone containing these records. Master servers may corrupt zone data if the zone option "auto-dnssec" is set to "maintain". Other unexpected problems that are not listed here may also be encountered. Impact: This issue primarily affects recursive nameservers. Authoritative nameservers will only be impacted if an administrator configures experimental record types with no data. If the server is configured this way, then secondaries can crash on restart after transferring that zone. Zone data on the master can become corrupted if the zone with those records has named configured to manage the DNSSEC key rotation. Solution: Upgrade to BIND version 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, or 9.9.1-P1 I just committed 9.8.3-P1 and 9.9.1-P1. I'd prefer to stabilize 9.8.3-P1 first.
Thanks for the report, can we go ahead and stabilize 9.8.3-P1 or needs more testing?
(In reply to comment #1) > Thanks for the report, can we go ahead and stabilize 9.8.3-P1 or needs more > testing? Go ahead.
Arches, please test and mark stable: =net-dns/bind-9.8.3-p1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
(In reply to comment #3) > =net-dns/bind-9.8.3-p1 Arches, please test and mark stable: =net-dns/bind-9.8.3_p1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
ppc done
amd64 stable
x86 stable, thanks
CVE-2012-1667 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1667): ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
alpha/ia64/m68k/s390/sh/sparc stable
Adding to existing GLSA draft with 427966. If there are any objections, feel free to delete from the draft.
This issue was resolved and addressed in GLSA 201209-04 at http://security.gentoo.org/glsa/glsa-201209-04.xml by GLSA coordinator Sean Amoss (ackle).
