Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 390753 (CVE-2011-4313) - <net-dns/bind-9.7.4_p1,9.8.1_p1 Resolver crashes on invalid records (CVE-2011-4313)
Summary: <net-dns/bind-9.7.4_p1,9.8.1_p1 Resolver crashes on invalid records (CVE-2011...
Status: RESOLVED FIXED
Alias: CVE-2011-4313
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.isc.org/software/bind/advi...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-11-16 20:33 UTC by Nico Baggus
Modified: 2012-06-02 14:00 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nico Baggus 2011-11-16 20:33:15 UTC
I cam across this somewhere and it seems to be an issue with all binds.
This might be worth a GLSA.

Reproducible: Always

Actual Results:  
Several fixes are on the site.
Comment 2 Nico Baggus 2011-11-16 20:44:12 UTC
DSA, only delivers an list of old items
sorry.
Comment 3 Paul Varner (RETIRED) gentoo-dev 2011-11-16 22:02:00 UTC
FYI, the company I work for was hit by this in a malicious attack.   It's a DOS attack that causes named to crash and core dump.
Comment 4 Hanno Böck gentoo-dev 2011-11-17 07:10:32 UTC
This sounds rather serious, according to upstream, fixes are in  9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1 (and current stable in portage 9.7.3 is not mentioned, so maybe it's unsupported upstream).
Comment 5 Matus UHLAR - fantomas 2011-11-17 13:38:16 UTC
I can confirm this, only last of each minor is supported, therefore we need to have at least 9.8.1-P1 and 9.7.4-P1 and one of them being stable
Comment 6 Christian Ruppert (idl0r) archtester Gentoo Infrastructure gentoo-dev Security 2011-11-17 17:22:55 UTC
(In reply to comment #4)
> This sounds rather serious, according to upstream, fixes are in  9.8.1-P1,
> 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1 (and current stable in portage 9.7.3 is
> not mentioned, so maybe it's unsupported upstream).

Exactly. So while we're on it, it would be cool if we could stabilize both versions otherwise at least 9.7.4_p1.
Both bumps are in gentoo-x86 now and will be on the mirrors soonish.
Comment 7 Matthew Marlowe gentoo-dev 2011-11-17 19:43:20 UTC
LWN just ran an article saying that this vulnerability is out in the wild and being actively exploited and that many servers are experiencing DoS as a result.

Other distros are already posting notices.

http://lwn.net/Articles/467779/#Comments
Comment 8 Nico Baggus 2011-11-18 14:37:25 UTC
Personaly i disagree with minor, as it is a core function of todays internet.

There is at least some urgency associated with this incident.
Comment 9 Nico Baggus 2011-11-18 17:17:19 UTC
new server (9.7.4_p1) is now running.
Minor difference, 9.7.3_p3 started althoug a log file could not be created, 9.7.4_p1 doesn't start when this happens, not a big deal.
Comment 10 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2011-11-20 22:58:16 UTC
Arches, please test and mark stable:
=net-dns/bind-9.7.4_p1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 11 Tomáš "tpruzina" Pružina (amd64 [ex]AT) 2011-11-21 00:17:40 UTC
Amd64: works for me.
Comment 12 Agostino Sarubbo gentoo-dev 2011-11-21 10:15:26 UTC
amd64 ok, looks perfect on a server.
Comment 13 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-11-22 16:15:10 UTC
x86 stable
Comment 14 Jeroen Roovers gentoo-dev 2011-11-22 17:48:56 UTC
Stable for HPPA.
Comment 15 Raúl Porcel (RETIRED) gentoo-dev 2011-11-26 12:47:56 UTC
alpha/arm/ia64/s390/sh/sparc stable
Comment 16 Tony Vroon gentoo-dev 2011-11-28 10:16:45 UTC
+  28 Nov 2011; Tony Vroon <chainsaw@gentoo.org> bind-9.7.4_p1.ebuild:
+  Marked stable on AMD64 based on arch testing by Tomáš "Mepho" Pružina &
+  Agostino "ago" Sarubbo in security bug #390753.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2011-12-12 23:58:39 UTC
CVE-2011-4313 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4313):
  query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
  through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
  through 9.9.0b1 allows remote attackers to cause a denial of service
  (assertion failure and named exit) via unknown vectors related to recursive
  DNS queries, error logging, and the caching of an invalid record by the
  resolver.
Comment 18 Mark Loeser (RETIRED) gentoo-dev 2011-12-22 22:33:50 UTC
ppc/ppc64 done
Comment 19 Tim Sammut (RETIRED) gentoo-dev 2011-12-22 22:35:53 UTC
Thanks, folks. GLSA Vote: yes.
Comment 20 Stefan Behte (RETIRED) gentoo-dev Security 2012-03-06 01:12:43 UTC
Vote: Yes. GLSA request filed.
Comment 21 GLSAMaker/CVETool Bot gentoo-dev 2012-06-02 14:00:10 UTC
This issue was resolved and addressed in
 GLSA 201206-01 at http://security.gentoo.org/glsa/glsa-201206-01.xml
by GLSA coordinator Stefan Behte (craig).