Date: Tue, 24 Apr 2012 18:47:00 +0200 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security@...ts.openwall.com, Adam Tkac <atkac@...hat.com>, Petr Spacek <pspacek@...hat.com> Subject: CVE Request -- bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap Note: First time mangled email address of Petr Spacek => apologize if you got this email two times. Anyway: Hello Kurt, Steve, vendors, a denial of service flaw was found in the way the bind-dyndb-ldap, a dynamic LDAP back-end plug-in for BIND providing LDAP database back-end capabilities, performed LDAP connection errors handling / attempted to recover, when an error during a LDAP search happened for a particular DNS query. When the Berkeley Internet Name Domain (BIND) server was patched to support dynamic loading of database back-ends, and the LDAP database back-end was enabled, a remote attacker could use this flaw to cause denial of service (named process hang) via DNS query for zone served by bind-dyndb-ldap. bind-dyndb-ldap backend upstream commit, which introduced the problem:  http://git.fedorahosted.org/git/?p=bind-dyndb-ldap.git;a=commit;h=a7a47212beb01c5083768bdd4170250e7f7cf188 Preliminary bind-dyndb-ldap back-end upstream patch from Adam Tkac:  https://bugzilla.redhat.com/show_bug.cgi?id=815846#c1 References:  https://bugzilla.redhat.com/show_bug.cgi?id=815846  https://www.redhat.com/archives/freeipa-users/2012-April/msg00145.html Note: Just to explicitly note this. This is NOT a bind DoS in the sense upstream bind source package would be affected by it. Bind needs to be first patched to support dynamic loading of database backends and it's an error in the LDAP backend (bind-dyndb-ldap source code) which makes this attack to succeed when a specially-crafted DNS query is issued. Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ