Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 434876 (CVE-2012-4244) - <net-dns/bind-9.9.1_p3: Resource Record Denial of Service Vulnerability (CVE-2012-4244)
Summary: <net-dns/bind-9.9.1_p3: Resource Record Denial of Service Vulnerability (CVE...
Status: RESOLVED FIXED
Alias: CVE-2012-4244
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://kb.isc.org/article/AA-00778/74
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-09-13 09:29 UTC by Agostino Sarubbo
Modified: 2012-09-24 00:30 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-09-13 09:29:29 UTC
Description:

If a record with RDATA in excess of 65535 bytes is loaded into a nameserver, a subsequent query for that record will cause named to exit with an assertion failure.

Please Note: Versions of BIND 9.4 and 9.5 are also affected, but these branches are beyond their "end of life" (EOL) and no longer receive testing or security fixes from ISC. For current information on which versions are actively supported, please see http://www.isc.org/software/bind/versions.

Solution:
BIND 9 version 9.9.2, 9.9.1-P3
Comment 1 Christian Ruppert (idl0r) archtester Gentoo Infrastructure gentoo-dev Security 2012-09-13 17:56:58 UTC
Feel free to stabilize 9.9.1-P3.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-09-13 18:07:19 UTC
Thanks.

Arches, please test and mark stable:
=net-dns/bind-9.9.1_p3
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2012-09-13 18:25:28 UTC
amd64 stable
Comment 4 Anthony Basile gentoo-dev 2012-09-13 23:18:48 UTC
stable arm ppc ppc64
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2012-09-15 18:15:42 UTC
alpha/arm/ia64/s390/sh/sparc stable and x86 is already stable
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2012-09-16 13:56:43 UTC
CVE-2012-4244 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4244):
  ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3,
  and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to
  cause a denial of service (assertion failure and named daemon exit) via a
  query for a long resource record.
Comment 7 Jeroen Roovers gentoo-dev 2012-09-16 14:23:05 UTC
Stable for HPPA.
Comment 8 Sean Amoss gentoo-dev Security 2012-09-19 10:25:01 UTC
Thanks, everyone.

GLSA vote: yes.
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2012-09-20 23:42:34 UTC
GLSA Vote: yes, too. Added to existing draft.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2012-09-24 00:30:52 UTC
This issue was resolved and addressed in
 GLSA 201209-04 at http://security.gentoo.org/glsa/glsa-201209-04.xml
by GLSA coordinator Sean Amoss (ackle).