Bug 10869 - bind - A specially crafted query can cause BIND to terminate abnormally (CVE-2013-4854)
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 3
: i586 Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
: Sec team
: http://lwn.net/Vulnerabilities/561309/
: MGA2TOO MGA3-64-OK MGA3-32-OK MGA2-64...
: validated_update
Reported: 2013-07-28 09:37 CEST by Oden Eriksson
Modified: 2013-07-30 02:45 CEST

Source RPM: bind

Description Oden Eriksson 2013-07-28 09:37:57 CEST
Name: CVE-2013-4854
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130716
Category: 
Reference: CONFIRM:https://kb.isc.org/article/AA-01015
Reference: CONFIRM:https://kb.isc.org/article/AA-01016

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x
before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and
DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote
attackers to cause a denial of service (daemon crash) via a query with
a malformed RDATA section that is not properly handled during
construction of a log message, as exploited in the wild in July 2013.

Reproducible: 

Steps to Reproduce:

Comment 1 Oden Eriksson 2013-07-28 09:38:43 CEST
bind-9.9.3.P2-1.mga* has been submitted for all.

Comment 3 David Walser 2013-07-28 16:10:48 CEST
Advisory:
========================

Updated bind packages fix security vulnerability:

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x
before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and
DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote
attackers to cause a denial of service (daemon crash) via a query
with a malformed RDATA section that is not properly handled during
construction of a log message, as exploited in the wild in July 2013
(CVE-2013-4854).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
https://kb.isc.org/article/AA-01015
https://kb.isc.org/article/AA-01016
https://kb.isc.org/article/AA-01017
http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:202/
========================

Updated packages in core/updates_testing:
========================
bind-9.9.3.P2-1.mga2
bind-sdb-9.9.3.P2-1.mga2
bind-utils-9.9.3.P2-1.mga2
bind-devel-9.9.3.P2-1.mga2
bind-doc-9.9.3.P2-1.mga2
bind-9.9.3.P2-1.mga3
bind-sdb-9.9.3.P2-1.mga3
bind-utils-9.9.3.P2-1.mga3
bind-devel-9.9.3.P2-1.mga3
bind-doc-9.9.3.P2-1.mga3

from SRPMS:
bind-9.9.3.P2-1.mga2.src.rpm
bind-9.9.3.P2-1.mga3.src.rpm

Comment 4 Dave Hodgins 2013-07-29 03:32:04 CEST
No public poc that I could find, so just testing that named is working.

Testing complete on Mageia 2 and 3, i586 and x86_64, using ...
host mageia.org 127.0.0.1
dig @127.0.0.1 mageia.org

Could someone from the sysadmin team push 10869.adv to updates?

Comment 5 Thomas Backlund 2013-07-29 16:03:29 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0237.html

Comment 6 Dave Hodgins 2013-07-30 02:17:42 CEST
Ouch. Missed this in testing, but just hit it on my m2 i586 system.

file /usr/share/doc/bind/CHANGES from install of bind-9.9.3.P2-1.mga2.i586 conflicts with file from package bind-doc-9.9.3.P1-1.mga2.noarch

file /usr/share/doc/bind/CHANGES from install of bind-doc-9.9.3.P2-1.mga2.noarch conflicts with file from package bind-9.9.3.P1-1.mga2.i586

Comment 7 Dave Hodgins 2013-07-30 02:45:31 CEST
Bug report Bug 10880 opened for comment 6.
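
An added example, not part of this bug report and not ISC or Mageia code: a Python check that applies the affected-version ranges from the advisory text in comment 3 to ISC-style versions and to Mageia package names like those listed above, so a half-upgraded system such as the one in comment 6 can be spotted. Assumptions: all of 9.7.x is treated as affected, branches the advisory does not name are reported as not affected, DNSco "-S" editions are rejected rather than classified, and the sample package list is constructed.

```python
import re

# Ranges read from the advisory text on this page (CVE-2013-4854).
# Assumption: "9.7.x" with no fixed release named means all of 9.7 is affected.
ALL_AFFECTED = {(9, 7)}
FIRST_FIXED = {(9, 8): (5, 2), (9, 9): (3, 2)}  # branch -> (patch, P-level)
NAMED_BETAS = {(9, 8, 6, 1), (9, 9, 4, 1)}      # 9.8.6b1 and 9.9.4b1

_VERSION = re.compile(
    r"^(?:[a-z-]+-)?"                # optional package name, e.g. bind-utils-
    r"(\d+)\.(\d+)\.(\d+)"           # 9.9.3
    r"(?:[.-]?(P|b)(\d+))?"          # -P2 (ISC), .P2 (Mageia RPM) or b1 (beta)
    r"(?:-\d+\.mga\d+.*)?$"          # optional RPM release, e.g. -1.mga3.i586
)

def parse(version):
    """Return (major, minor, patch, kind, n); kind is 'P', 'b' or None."""
    m = _VERSION.match(version.strip())
    if not m:
        # Includes DNSco "-S" editions, which this example does not classify.
        raise ValueError(f"unrecognised BIND version: {version!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return major, minor, patch, m.group(4), int(m.group(5) or 0)

def is_affected(version):
    """True if the advisory text lists this version as vulnerable."""
    major, minor, patch, kind, n = parse(version)
    branch = (major, minor)
    if branch in ALL_AFFECTED:
        return True
    if branch not in FIRST_FIXED:
        return False  # branch not named in the advisory text
    if kind == "b":
        if (major, minor, patch, n) in NAMED_BETAS:
            return True
        level = -1    # any other beta sorts before its final release
    else:
        level = n     # a plain release is P-level 0
    return (patch, level) < FIRST_FIXED[branch]

def audit(packages):
    """Return the packages in the list that are still at an affected version."""
    return [p for p in packages if is_affected(p)]

if __name__ == "__main__":
    # Constructed sample: a half-upgraded system like the one in comment 6.
    installed = ["bind-9.9.3.P1-1.mga2.i586", "bind-doc-9.9.3.P1-1.mga2.noarch",
                 "bind-utils-9.9.3.P2-1.mga2"]
    print(audit(installed))
```

On a live system the list passed to `audit` would come from the package manager's installed-package query rather than a literal.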
