Bug 163692

Summary: net-dns/bind: DNSSEC error and dereferencing freed fetch context (CVE-2007-049[34])
Product: Gentoo Security
Reporter: Rajiv Aaron Manglani (RETIRED) <rajiv>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: bind+disabled, gengor, podge, sgtphou, voxus
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A/B3 [glsa]
Package list:
Runtime testing required: ---

Description Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-01-25 01:43:59 UTC
From: Mark_Andrews@isc.org
Subject: Internet Systems Consortium Security Advisory.
Date: January 24, 2007 7:23:26 PM EST
To: bind-announce@isc.org


                Internet Systems Consortium Security Advisory.
		   BIND 9: dereferencing freed fetch context
                             12 January 2007

Versions affected:

	BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
	BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1
	     9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1
	BIND 9.5.0a1 (Bind Forum only)

Severity: Low
Exploitable: Remotely

Description:

	It is possible for the named to dereference (read) a freed
	fetch context.  This can cause named to exit unintentionally.

Workaround:

	Disable / restrict recursion (to limit exposure).

Fix:

	Upgrade to BIND 9.2.8, BIND 9.3.4 or BIND 9.4.0rc2.
	Additionally this will be fixed in the upcoming BIND 9.5.0a2.

Revision History:
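
The advisory's workaround ("Disable / restrict recursion"), written out as a named.conf fragment. This is an added example, not part of the ISC advisory or the Gentoo package; the ACL name "trusted" and all addresses are placeholders.

```conf
// Added example (not from the ISC advisory or the Gentoo package).
// The ACL name "trusted" and every address below are placeholders.

// Clients that are allowed to ask this server to resolve names for them.
acl "trusted" {
    127.0.0.1;
    192.0.2.0/24;   // documentation range standing in for an internal network
};

// Exposed form: recursion is on and there is no allow-recursion statement,
// so the configuration itself does nothing to limit who may use the resolver.
//
// options {
//     recursion yes;
// };

// Option A, "restrict": keep the resolver, but only for the trusted ACL.
// State allow-recursion explicitly rather than relying on a built-in default.
options {
    recursion yes;
    allow-recursion { "trusted"; };
};

// Option B, "disable": for a server that only answers for its own zones,
// replace the options block above with this one.
//
// options {
//     recursion no;
// };
```

Run named-checkconf on the edited file before reloading named. As the advisory says, this only limits exposure; the fix is the upgrade.
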
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2007-01-26 14:11:38 UTC
pls provide updated ebuilds

this has been fixed in 9.3.4 and 9.2.8
Comment 2 Executioner 2007-01-30 17:31:42 UTC
CVE-2007-0494
Comment 3 Martin Jackson (RETIRED) gentoo-dev 2007-02-06 03:07:16 UTC
bind and bind/tools 9.2.8, 9.3.4 and 9.4.0_rc2 have been committed to the tree.
Comment 4 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-02-06 12:50:10 UTC
(In reply to comment #3)
> bind and bind/tools 9.2.8, 9.3.4 and 9.4.0_rc2 have been committed to the tree.
> 

Thanks Martin.

Hi arches, please test and mark stable when appropriate, thanks.

Target keywords are bind-9.2.8 and bind-9.3.4
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2007-02-06 13:12:17 UTC
9.3.4 wants idnkit but idnkit blocks <9.4...
coffee someone?
Comment 6 Gustavo Zacarias (RETIRED) gentoo-dev 2007-02-06 13:15:03 UTC
Oh btw, same for 9.2.8.
Comment 7 Konstantin Arkhipov (RETIRED) gentoo-dev 2007-02-06 16:31:30 UTC
my fault, wrong idnkit's block fixed.
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2007-02-06 21:12:06 UTC
x86 stable
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2007-02-07 05:37:47 UTC
Stable for HPPA.
Comment 10 Konstantin Arkhipov (RETIRED) gentoo-dev 2007-02-07 13:21:21 UTC
bind-tools must be in sync with bind. i.e. stabilize 'em too, please.
Comment 11 Gustavo Zacarias (RETIRED) gentoo-dev 2007-02-07 13:27:53 UTC
sparc stable.
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2007-02-07 13:31:17 UTC
x86 stable
Comment 13 Gustavo Zacarias (RETIRED) gentoo-dev 2007-02-07 13:57:09 UTC
ohhh someone's not gonna like me... 9.3.4 it still breaks on hardened-x86:

grsec: From xxx.xxx.xxx.xxx: signal 6 sent to /usr/sbin/named[named:11336] uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/named[named:852] uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Comment 14 Jeroen Roovers (RETIRED) gentoo-dev 2007-02-07 15:03:14 UTC
net-dns/bind-tools-9.3.4 marked stable for HPPA.
Comment 15 Shawn Haggett 2007-02-08 02:59:24 UTC
(In reply to comment #13)
> ohhh someone's not gonna like me... 9.3.4 it still breaks on hardened-x86:
> 
> grsec: From xxx.xxx.xxx.xxx: signal 6 sent to /usr/sbin/named[named:11336]
> uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0
> gid/egid:0/0 by /usr/sbin/named[named:852] uid/euid:40/40 gid/egid:40/40,
> parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> 
Same behavior here on hardened-x86:
grsec: From XXX.XXX.XXX.XXX: signal 6 sent to /usr/sbin/named[named:22469] uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/named[named:10807] uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Will happen within a few seconds of named reporting in the logs that it has finished starting up and is running.
Comment 16 Martin Jackson (RETIRED) gentoo-dev 2007-02-08 03:12:57 UTC
I suggest we mask bind for hardened arches only.  Is named the only program that reports a problem?  (i.e. do we need to mask bind-tools too or just bind)?
Comment 17 Tobias Scherbaum (RETIRED) gentoo-dev 2007-02-08 06:01:34 UTC
ppc stable
Comment 18 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2007-02-10 20:17:16 UTC
alpha stable
Comment 19 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-02-10 21:13:14 UTC
*** Bug 163691 has been marked as a duplicate of this bug. ***
Comment 20 Marcus D. Hanwell (RETIRED) gentoo-dev 2007-02-13 01:46:42 UTC
Stable on amd64.
Comment 21 Markus Rothe (RETIRED) gentoo-dev 2007-02-13 10:08:55 UTC
ppc64 stable
Comment 22 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-02-13 10:32:51 UTC
It's an old and well-known bind issue. I vote Yes for a GLSA.
Comment 23 Tavis Ormandy (RETIRED) gentoo-dev 2007-02-13 11:16:14 UTC
also vote YES.
Comment 24 Bryan Østergaard (RETIRED) gentoo-dev 2007-02-14 15:59:39 UTC
IA64 done.
Comment 25 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-02-16 09:06:58 UTC
let's have a GLSA then
Comment 26 FieldySnuts 2007-02-17 22:59:51 UTC
I'm hearing from a few people about problems on hardened on amd64 and x86, also mentioned in comment #15 and comment #16, fyi.
Comment 27 FieldySnuts 2007-02-17 23:05:22 UTC
In addition, this bug is related (I found that out after I posted last comment, apologies for spam) bug #158664
Comment 28 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-02-18 00:27:09 UTC
GLSA 200702-06, see bug 158664 for hardened-related issues