Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 419637 (CVE-2012-1667) - <net-dns/bind-9.8.3_p1 : Handling of zero length rdata can cause named to terminate unexpectedly (CVE-2012-1667)
Summary: <net-dns/bind-9.8.3_p1 : Handling of zero length rdata can cause named to ter...
Status: RESOLVED FIXED
Alias: CVE-2012-1667
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://www.isc.org/software/bind/adv...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-06-04 17:09 UTC by Christian Ruppert (idl0r)
Modified: 2012-09-24 00:30 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Ruppert (idl0r) archtester Gentoo Infrastructure gentoo-dev Security 2012-06-04 17:09:24 UTC
Description: 

This problem was uncovered while testing with experimental DNS record types. It is possible to add records to BIND with null (zero length) rdata fields.

Processing of these records may lead to unexpected outcomes. Recursive servers may crash or disclose some portion of memory to the client. Secondary servers may crash on restart after transferring a zone containing these records. Master servers may corrupt zone data if the zone option "auto-dnssec" is set to "maintain". Other unexpected problems that are not listed here may also be encountered.

Impact: This issue primarily affects recursive nameservers. Authoritative nameservers will only be impacted if an administrator configures experimental record types with no data. If the server is configured this way, then secondaries can crash on restart after transferring that zone. Zone data on the master can become corrupted if the zone with those records has named configured to manage the DNSSEC key rotation.

Solution:
Upgrade to BIND version 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, or 9.9.1-P1


I just committed 9.8.3-P1 and 9.9.1-P1. I'd prefer to stabilize 9.8.3-P1 first.
Comment 1 Agostino Sarubbo gentoo-dev 2012-06-04 17:29:25 UTC
Thanks for the report, can we go ahead and stabilize 9.8.3-P1 or needs more testing?
Comment 2 Christian Ruppert (idl0r) archtester Gentoo Infrastructure gentoo-dev Security 2012-06-04 17:50:23 UTC
(In reply to comment #1)
> Thanks for the report, can we go ahead and stabilize 9.8.3-P1 or needs more
> testing?

Go ahead.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2012-06-04 22:19:05 UTC
Arches, please test and mark stable:
=net-dns/bind-9.8.3-p1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 4 Jeroen Roovers gentoo-dev 2012-06-05 14:00:23 UTC
(In reply to comment #3)
> =net-dns/bind-9.8.3-p1

Arches, please test and mark stable:
=net-dns/bind-9.8.3_p1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 5 Jeroen Roovers gentoo-dev 2012-06-06 04:37:43 UTC
Stable for HPPA.
Comment 6 Brent Baude (RETIRED) gentoo-dev 2012-06-08 18:23:21 UTC
ppc done
Comment 7 Agostino Sarubbo gentoo-dev 2012-06-11 09:21:50 UTC
amd64 stable
Comment 8 Andreas Schürch gentoo-dev 2012-06-12 06:08:05 UTC
x86 stable, thanks
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 19:30:28 UTC
CVE-2012-1667 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1667):
  ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1,
  and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle
  resource records with a zero-length RDATA section, which allows remote DNS
  servers to cause a denial of service (daemon crash or data corruption) or
  obtain sensitive information from process memory via a crafted record.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2012-06-16 17:23:49 UTC
alpha/ia64/m68k/s390/sh/sparc stable
Comment 11 Sean Amoss gentoo-dev Security 2012-08-20 00:05:44 UTC
Adding to existing GLSA draft with 427966. If there are any objections, feel free to delete from the draft.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2012-09-24 00:30:46 UTC
This issue was resolved and addressed in
 GLSA 201209-04 at http://security.gentoo.org/glsa/glsa-201209-04.xml
by GLSA coordinator Sean Amoss (ackle).