Bugzilla – Bug 526185
VUL-0: CVE-2009-0696: BIND: remote DoS
Last modified: 2022-06-09 15:06:17 UTC
Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert. This vulnerability affects all servers that are masters for one or more zones – it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround. dns_db_findrdataset() fails when the prerequisite section of the dynamic update message contains a record of type “ANY” and where at least one RRset for this FQDN exists on the server. db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed exiting (due to assertion failure). Information available in https://www.isc.org/node/474 http://www.kb.cert.org/vuls/id/725188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
Created attachment 308699 [details] You may duplicate the package by attached perl. Hope this can help.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 https://bugzilla.redhat.com/show_bug.cgi?id=514292
given the generic remote dos possibility, bump sev and prio
The SWAMPID for this issue is 26189. Please submit the patch and patchinfo file using this ID. (https://swamp.suse.de/webswamp/wf/26189)
according to solar designer every bind can be crashed by the exploit, even without ddns updates enabled.
Applied patches extracted from bind-9.5.1-P3 and submitted fixed packages with following request IDs to: 966 -> SUSE:openSUSE:10.3:Update:Test 965 -> SUSE:openSUSE:11.0:Update:Test 964 -> SUSE:openSUSE:11.1:Update:Test 963 -> SUSE:SLE-10-SP2:Update:Test 962 -> SUSE:SLE-11:Update:Test SLES9 follows (verify build still running). Did I forget something?
I think we might need an update for SLES 8 too here, package name there is bind9
(In reply to comment #6) > according to solar designer every bind can be crashed by the exploit, > even without ddns updates enabled. Yes, see also https://bugzilla.redhat.com/show_bug.cgi?id=514292#c16 but the fix seems to be correct / I didn't found any hint that the fix would be incomplete. When this is not correct, please let me know... Submitted SLES9 package as well.
(In reply to comment #8) > I think we might need an update for SLES 8 too here, > > package name there is bind9 Package is in tait:/space/mt/sles8/bind9, mbuild jobid is 'tait-mt-1'.
The sles8 package does not have this fix: ------------------------------------------------------------------- Thu Jan 8 16:08:18 CET 2009 - ug@suse.de - Security Vulnerability: insecure usage of openssl, not checking return values (bnc#464462) -------------------------------------------------------------------
I've applied the openssl_ret_value_9_3_6.diff fix for above bug too: bind9 -> SLES8
OK, back to security-team. Reassign back / let me know when it is not all, please.
I think the severity makes it also necessary to release for LTSS products, sles9-sp3 and sles10 (sp1) Marius, can you also submit fixes against those? (sles9 might be difficult since sp4 had a version update, sles10 should be easier).
I've copied the sles10 sp2 version to sp1 and adapted the changelog. all 3 changes between sp1 and sp2 are security related anyways.
Update released for: bind, bind-chrootenv, bind-debuginfo, bind-debugsource, bind-devel, bind-doc, bind-libs, bind-lwresd, bind-utils Products: openSUSE 10.3 (i386, ppc, ppc64, x86_64) openSUSE 11.0 (debug, i386, ppc, ppc64, x86_64) openSUSE 11.1 (debug, i586, ppc, ppc64, x86_64)
sles10sp2, sles11,sles9 sp4,sles8,boxes released today, sles10sp1 ltss, sles9 sp3 ltss also queued
Update released for: bind, bind-chrootenv, bind-devel, bind-doc, bind-libs, bind-lwresd, bind-utils Products: SLE-DEBUGINFO 10-SP2 (i386, ia64, ppc, s390x, x86_64) SLE-DESKTOP 10-SP2 (i386, x86_64) SLE-SDK 10-SP2 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP2 (i386, ia64, ppc, s390x, x86_64)
Update released for: bind, bind-chrootenv, bind-debuginfo, bind-debugsource, bind-devel, bind-devel-32bit, bind-doc, bind-libs, bind-libs-32bit, bind-libs-x86, bind-lwresd, bind-utils Products: SLE-DEBUGINFO 11 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11 (i386, x86_64) SLE-SDK 11 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11 (i386, ia64, ppc64, s390x, x86_64)
Update released for: bind, bind-devel, bind-utils Products: Novell-Linux-Desktop 9 (i386, x86_64) Novell-Linux-POS 9 (i386) Open-Enterprise-Server 9 (i386) SUSE-CORE 9 (i386, ia64, ppc, s390, s390x, x86_64)
submitted following fixes to sles9-sp3: - Security Vulnerability: Dynamic Update DoS (CVE-2009-0696, VU#725188, bnc#526185) - Security Vulnerability: insecure usage of openssl, not checking return values (bnc#464462) - security fix (bug #354671) CVE-2008-0122: VU#203611 buffer overflow in inet_network() - Applied named-bootconf.sh fix to use a mktemp created dir.
Update released for: bind, bind-chrootenv, bind-devel, bind-doc, bind-libs, bind-lwresd, bind-utils Products: SLE-SERVER 10-SP1-LTSS (i386, s390x, x86_64)
released them all
Update released for: bind, bind-devel, bind-utils Products: SUSE-CORE 9-SP3 (i386, s390x, x86_64)
what is the current release for SLES 8? i can't find the link to download this version on the patch finder and the link for the TID here is broken http://support.novell.com/security/cve/CVE-2009-0696.html Thanks
no idea how this works for sles8
The report shows that there is a available version for SLES 8 and the release mentioned is 9.3.4-0.6 but i can't find it anywhere. That report also points to this bug.
sles8 is in extended maintenance, so only a limited set of customers get this patch. (actually there should be 0 customers left according to our data.) (Customers need to pay this extension, it is not in the general sles subscription.) The patch itself is available via YOU (online update) only, not via patchbuilder/download.novell.com. https://you.novell.com/update/i386/update/SuSE-SLES/8-EXTENDED/
CVE-2009-0696: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)