Bug 446094 (CVE-2012-5688) - <net-dns/bind-9.9.2_p1: DNS64 REQUIRE Assertion Failure Denial of Service Vulnerability (CVE-2012-5688)
Status: RESOLVED FIXED
Alias: CVE-2012-5688
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://secunia.com/advisories/51484/
Whiteboard: B3 [glsa]
Duplicates: 445924
Reported: 2012-12-05 13:32 UTC by Agostino Sarubbo
Modified: 2014-01-29 22:52 UTC
Description Agostino Sarubbo gentoo-dev 2012-12-05 13:32:50 UTC
From $URL :

Description
A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause 
a DoS (Denial of Service).

The vulnerability is caused due to an error within the DNS64 IPv6 transition mechanism when 
handling certain queries, which can be exploited to trigger a REQUIRE assertion and crash the 
server via a specially crafted DNS query.

Successful exploitation requires that DNS64 is turned on.

The vulnerability is reported in versions 9.8.0 through 9.8.4 and 9.9.0 through 9.9.2.


Solution
Update to version 9.8.4-P1 or 9.9.2-P1.
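
The two conditions in the description above (an affected version and DNS64 turned on) can be checked on a host as follows. This is an added example, not part of the bug report and not Gentoo or ISC code; the function names are hypothetical, the version is passed as an argument, and the named.conf text is read from stdin without following include files.

```shell
#!/bin/sh
# Added example (not Gentoo or ISC code): exposure check for CVE-2012-5688.

# 0 = version in an affected range from the advisory, 1 = not, 2 = unparsable.
# Accepts upstream (9.9.2-P1) and Gentoo (9.9.2_p1) spellings.
bind_version_affected() {
    v=$(printf '%s' "$1" | tr 'A-Z_' 'a-z-')
    printf '%s\n' "$v" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-p[0-9]+)?$' || return 2
    base=${v%%-*}; plevel=0
    case $v in *-p*) plevel=${v##*-p} ;; esac
    major=${base%%.*}; rest=${base#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$major" -eq 9 ] || return 1
    case $minor in
        8) last=4 ;;    # 9.8.0 through 9.8.4, fixed in 9.8.4-P1
        9) last=2 ;;    # 9.9.0 through 9.9.2, fixed in 9.9.2-P1
        *) return 1 ;;
    esac
    [ "$patch" -lt "$last" ] && return 0
    [ "$patch" -eq "$last" ] && [ "$plevel" -eq 0 ] && return 0
    return 1
}

# 0 if named.conf text on stdin contains a live dns64 statement.
# Heuristic: strips /* */, // and # comments; does not follow include files.
dns64_enabled() {
    awk '
    {   s = $0
        if (inblock) {
            i = index(s, "*/"); if (i == 0) next
            s = substr(s, i + 2); inblock = 0
        }
        while ((i = index(s, "/*")) > 0) {
            j = index(substr(s, i + 2), "*/")
            if (j == 0) { s = substr(s, 1, i - 1); inblock = 1; break }
            s = substr(s, 1, i - 1) " " substr(s, i + j + 3)
        }
        sub(/\/\/.*|#.*/, "", s)
        # "dns64 <prefix> {...}" only; dns64-server / dns64-contact do not match
        if (s ~ /(^|[ \t;{])dns64[ \t]/) found = 1
    }
    END { exit !found }'
}

# Exposed only when both conditions hold: affected version AND DNS64 on.
# Status 2 is passed through so an unparsable version is not read as "safe".
cve_2012_5688_exposed() { bind_version_affected "$1" && dns64_enabled; }
```

Call it as `cve_2012_5688_exposed 9.9.2 < /etc/bind/named.conf` (the path is an assumption; use the configuration file your named actually loads).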
Comment 1 Christian Ruppert (idl0r) archtester Gentoo Infrastructure gentoo-dev Security 2012-12-05 21:45:02 UTC
net-dns/bind-9.9.2_p1 is in the tree. Feel free to stabilize it.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2012-12-06 16:18:46 UTC
CVE-2012-5688 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5688):
  ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is
  enabled, allows remote attackers to cause a denial of service (assertion
  failure and daemon exit) via a crafted query.
Comment 3 Sean Amoss gentoo-dev Security 2012-12-06 16:26:22 UTC
(In reply to comment #1)
> net-dns/bind-9.9.2_p1 is in the tree. Feel free to stabilize it.

Thanks, Christian.

Arches, please test and mark stable.
=net-dns/bind-9.9.2_p1
Target KEYWORDS: "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 4 Christian Ruppert (idl0r) archtester Gentoo Infrastructure gentoo-dev Security 2012-12-06 20:28:18 UTC
*** Bug 445924 has been marked as a duplicate of this bug. ***
Comment 5 Agostino Sarubbo gentoo-dev 2012-12-07 11:26:59 UTC
amd64 stable
Comment 6 Jeroen Roovers gentoo-dev 2012-12-07 15:01:42 UTC
Stable for HPPA.
Comment 7 Agostino Sarubbo gentoo-dev 2012-12-16 16:24:49 UTC
x86 stable
Comment 8 Agostino Sarubbo gentoo-dev 2012-12-22 15:20:16 UTC
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2012-12-23 19:13:57 UTC
ppc64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2012-12-25 22:27:09 UTC
ia64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2012-12-28 15:08:25 UTC
sparc stable
Comment 12 Agostino Sarubbo gentoo-dev 2012-12-29 08:53:37 UTC
alpha stable
Comment 13 Agostino Sarubbo gentoo-dev 2013-01-01 08:24:38 UTC
arm stable
Comment 14 Raúl Porcel (RETIRED) gentoo-dev 2013-01-01 19:23:30 UTC
s390/sh stable
Comment 15 Sean Amoss gentoo-dev Security 2013-01-01 21:39:07 UTC
Thanks, everyone.

GLSA vote: yes.
Comment 16 Tim Sammut (RETIRED) gentoo-dev 2013-01-02 18:28:27 UTC
Thanks, folks. GLSA Vote: yes, too. Added to existing GLSA request.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2014-01-29 22:52:43 UTC
This issue was resolved and addressed in
 GLSA 201401-34 at http://security.gentoo.org/glsa/glsa-201401-34.xml
by GLSA coordinator Sean Amoss (ackle).