Bug 10869

Summary: bind - A specially crafted query can cause BIND to terminate abnormally (CVE-2013-4854)
Product: Mageia
Reporter: Oden Eriksson <oe>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: davidwhodgins, luigiwalser, sysadmin-bugs, tmb
Version: 3
Keywords: validated_update
Target Milestone: ---
Hardware: i586
OS: Linux
URL: http://lwn.net/Vulnerabilities/561309/
Whiteboard: MGA2TOO MGA3-64-OK MGA3-32-OK MGA2-64-OK MGA2-32-OK
Source RPM: bind
CVE:
Status comment:

Description Oden Eriksson 2013-07-28 09:37:57 CEST
Name: CVE-2013-4854
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130716
Category: 
Reference: CONFIRM:https://kb.isc.org/article/AA-01015
Reference: CONFIRM:https://kb.isc.org/article/AA-01016

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x
before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and
DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote
attackers to cause a denial of service (daemon crash) via a query with
a malformed RDATA section that is not properly handled during
construction of a log message, as exploited in the wild in July 2013.

Reproducible: 

Steps to Reproduce:

Comment 1 Oden Eriksson 2013-07-28 09:38:43 CEST
bind-9.9.3.P2-1.mga* has been submitted for all.

Comment 3 David Walser 2013-07-28 16:10:48 CEST
Advisory:
========================

Updated bind packages fix security vulnerability:

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x
before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and
DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote
attackers to cause a denial of service (daemon crash) via a query
with a malformed RDATA section that is not properly handled during
construction of a log message, as exploited in the wild in July 2013
(CVE-2013-4854).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
https://kb.isc.org/article/AA-01015
https://kb.isc.org/article/AA-01016
https://kb.isc.org/article/AA-01017
http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:202/
========================

Updated packages in core/updates_testing:
========================
bind-9.9.3.P2-1.mga2
bind-sdb-9.9.3.P2-1.mga2
bind-utils-9.9.3.P2-1.mga2
bind-devel-9.9.3.P2-1.mga2
bind-doc-9.9.3.P2-1.mga2
bind-9.9.3.P2-1.mga3
bind-sdb-9.9.3.P2-1.mga3
bind-utils-9.9.3.P2-1.mga3
bind-devel-9.9.3.P2-1.mga3
bind-doc-9.9.3.P2-1.mga3

from SRPMS:
bind-9.9.3.P2-1.mga2.src.rpm
bind-9.9.3.P2-1.mga3.src.rpm

CC: (none) => luigiwalser
Version: 2 => 3
Assignee: bugsquad => qa-bugs
Summary: CVE-2013-4854: bind - A specially crafted query can cause BIND to terminate abnormally => bind - A specially crafted query can cause BIND to terminate abnormally (CVE-2013-4854)
Whiteboard: (none) => MGA2TOO

Comment 4 Dave Hodgins 2013-07-29 03:32:04 CEST
No public poc that I could find, so just testing that named is working.

Testing complete on Mageia 2 and 3, i586 and x86_64, using ...
host mageia.org 127.0.0.1
dig @127.0.0.1 mageia.org

Could someone from the sysadmin team push 10869.adv to updates?

Keywords: (none) => validated_update
Whiteboard: MGA2TOO => MGA2TOO MGA3-64-OK MGA3-32-OK MGA2-64-OK MGA2-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 5 Thomas Backlund 2013-07-29 16:03:29 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0237.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

David Walser 2013-07-29 19:43:14 CEST

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854 => http://lwn.net/Vulnerabilities/561309/

Comment 6 Dave Hodgins 2013-07-30 02:17:42 CEST
Ouch. Missed this in testing, but just hit it on my m2 i586 system.

file /usr/share/doc/bind/CHANGES from install of bind-9.9.3.P2-1.mga2.i586 conflicts with file from package bind-doc-9.9.3.P1-1.mga2.noarch

file /usr/share/doc/bind/CHANGES from install of bind-doc-9.9.3.P2-1.mga2.noarch conflicts with file from package bind-9.9.3.P1-1.mga2.i586

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 7 Dave Hodgins 2013-07-30 02:45:31 CEST
Bug report Bug 10880 opened for comment 6.

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED