Date: Tue, 24 Apr 2012 12:08:17 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Adam Tkac <atkac@...hat.com>, Petr Spacek <pspacek@...hat.com>
Subject: Re: CVE Request -- bind-dyndb-ldap: Bind DoS (named
 hang) by processing DNS query for zone served by bind-dyndb-ldap

On 04/24/2012 10:47 AM, Jan Lieskovsky wrote:
> Note: First time mangled email address of Petr Spacek => apologize
> if you got this email two times. Anyway:
> 
> Hello Kurt, Steve, vendors,
> 
> a denial of service flaw was found in the way bind-dyndb-ldap,
> a dynamic LDAP back-end plug-in for BIND providing LDAP database
> back-end capabilities, performed LDAP connection error handling /
> attempted to recover when an error happened during an LDAP search
> for a particular DNS query. When the Berkeley Internet Name Domain
> (BIND) server was patched to support dynamic loading of database
> back-ends, and the LDAP database back-end was enabled, a remote
> attacker could use this flaw to cause denial of service (named
> process hang) via a DNS query for a zone served by bind-dyndb-ldap.
> 
> bind-dyndb-ldap backend upstream commit, which introduced the
> problem:
> [1] http://git.fedorahosted.org/git/?p=bind-dyndb-ldap.git;a=commit;h=a7a47212beb01c5083768bdd4170250e7f7cf188
>
> Preliminary bind-dyndb-ldap back-end upstream patch from Adam
> Tkac:
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=815846#c1
>
> References:
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=815846
> [4] https://www.redhat.com/archives/freeipa-users/2012-April/msg00145.html
>
> Note: Just to explicitly note this. This is NOT a bind DoS in the
> sense that the upstream bind source package would be affected by it.
> Bind needs to be first patched to support dynamic loading of database
> backends, and it's an error in the LDAP backend (bind-dyndb-ldap
> source code) which makes this attack succeed when a
> specially-crafted DNS query is issued.
> 
> Could you allocate a CVE id for this?
> 
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team

Please use CVE-2012-2134 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
