CVE-2012-5166: Specially crafted DNS data can cause a lockup in named


Environment

  • Red Hat Enterprise Linux (RHEL) 6
  • Red Hat Enterprise Linux (RHEL) 5
  • Red Hat Enterprise Linux (RHEL) 4
  • bind 9.x

Issue

  • Which versions of the bind packages in Red Hat Enterprise Linux (RHEL) are affected by CVE-2012-5166?
  • Is there a workaround?

Resolution

According to ISC's KB article https://kb.isc.org/article/AA-00801, the following versions are affected:

9.2.x -> 9.6.x, 9.4-ESV -> 9.4-ESV-R5-P1, 9.6-ESV -> 9.6-ESV-R7-P3, 9.7.0 -> 9.7.6-P3, 9.8.0 -> 9.8.3-P3, 9.9.0 -> 9.9.1-P3

For Red Hat versions of BIND, the following errata have been released:

Please see the Red Hat Security CVE entry for more details:
https://access.redhat.com/security/cve/CVE-2012-5166

  • What is a workaround for the CVE?
    According to the 'Workarounds' section of the advisory (ISC KB):
    Setting the option 'minimal-responses' to 'yes' will prevent the lockup.

According to the BIND documentation:

**minimal-responses** If yes, then when generating responses the server will only add records to the authority and additional data sections when they are required (e.g. delegations, negative responses).
This may improve the performance of the server. The default is no.
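
A plain grep for the option also matches commented-out lines, so this added example (not from the Red Hat article or ISC) strips named.conf comments before reporting whether minimal-responses is set. The function names, the constructed sample configuration and the /etc/named.conf path are assumptions; yes, true and 1 are all treated as an enabled BIND boolean.

```sh
#!/bin/sh
# Added example, not from the Red Hat article or ISC. Assumptions: include files are not
# followed, view inheritance is not resolved, comment markers inside quotes are not handled.
# Reads named.conf text on stdin; prints enabled, disabled or unset.
minimal_responses_state() {
    awk '
    {
        line = $0; text = ""
        while (line != "") {
            if (in_block) {                       # inside a /* ... */ comment
                e = index(line, "*/")
                if (e == 0) break
                line = substr(line, e + 2); in_block = 0
                continue
            }
            if (match(line, /\/\*|\/\/|#/) == 0) { text = text line; break }
            text = text substr(line, 1, RSTART - 1)
            if (substr(line, RSTART, 2) != "/*") break   # // or #: drop rest of line
            line = substr(line, RSTART + 2); in_block = 1
        }
        all = all " " text
    }
    END {
        gsub(/[{};]/, " & ", all)                 # make punctuation its own token
        n = split(all, tok, " ")
        for (i = 1; i < n; i++) {
            if (tok[i] != "minimal-responses") continue
            seen++
            v = tolower(tok[i + 1])
            if (v != "yes" && v != "true" && v != "1") off++
        }
        if (!seen) print "unset"                  # the default is no
        else if (off) print "disabled"            # at least one scope turns it off
        else print "enabled"
    }'
}
# Constructed sample: every occurrence of the workaround is commented out.
sample_conf() {
    cat <<'EOF'
options {
    directory "/var/named";
    // minimal-responses yes;
    /* minimal-responses yes; */
    # minimal-responses yes;
};
EOF
}
sample_conf | minimal_responses_state   # on a server: minimal_responses_state < /etc/named.conf
```

A result of "unset" or "disabled" means the workaround is not in effect for the configuration text that was checked.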

Root Cause

  • According to ISC KB:
If specific combinations of RDATA are loaded into a nameserver, either via cache or an authoritative zone, a subsequent query for a related record will cause named to lock up.
