Bug 785121 (CVE-2012-5166) - network/bind: VUL-0: CVE-2012-5166: bind: Specially crafted RDATA causes bind to stop working
Summary: network/bind: VUL-0: CVE-2012-5166: bind: Specially crafted RDATA causes bind...
Status: RESOLVED FIXED
Alias: CVE-2012-5166
Product: openSUSE.org
Classification: openSUSE
Component: 3rd party software
Version: unspecified
Hardware: All Other
Priority: P1 - Urgent, Severity: Critical
Target Milestone: ---
Assignee: Reinhard Max
QA Contact: E-mail List
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: CVSSv2:NVD:CVE-2012-5166:7.8:(AV:N/A...
Keywords: security_vulnerability
Depends on:
Blocks:
 
Reported: 2012-10-15 16:13 UTC by Bernhard Schmidt
Modified: 2019-05-01 16:02 UTC
Description Bernhard Schmidt 2012-10-15 16:13:10 UTC
A nameserver can be locked up if it can be induced to load a specially crafted combination of resource records.

CVE: CVE-2012-5166
Document Version: 2.0
Posting date: 9 October 2012
Program Impacted: BIND
Versions affected: 9.2.x -> 9.6.x, 9.4-ESV->9.4-ESV-R5-P1, 9.6-ESV->9.6-ESV-R7-P3, 9.7.0->9.7.6-P3, 9.8.0->9.8.3-P3, 9.9.0->9.9.1-P3
Severity: Critical
Exploitable: Remotely

Please update to 9.9.1-P4

There is already #784602 for SuSE shipped packages (also not yet fixed)
Comment 1 Marcus Meissner 2012-10-15 20:27:51 UTC
updates for openSUSE and SLES are already in QA
Comment 2 Marcus Meissner 2012-10-19 12:15:39 UTC
I just checked in 9.9.1-P4 there.