ISC BIND TKEY Query Out-Of-Bounds Read Information Disclosure Vulnerability

Peter Davies peter.watson.davies at outlook.com
Thu Jun 10 10:14:36 UTC 2021


Hi Josef,
   Sounds like it may be CVE-2021-25216: "A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack" that you're looking for.

https://kb.isc.org/docs/cve-2021-25216

Kind Regards Peter

________________________________
From: Josef Moellers <jmoellers at suse.de>
Sent: 10 June 2021 12:00
To: Peter Davies <peter.watson.davies at outlook.com>
Cc: bind-workers at lists.isc.org <bind-workers at lists.isc.org>
Subject: Re: ISC BIND TKEY Query Out-Of-Bounds Read Information Disclosure Vulnerability

Hello Peter,

On 10.06.21 11:57, Peter Davies wrote:
> Hi Josef,
>   Was it "CVE-2020-8622: A truncated TSIG response can lead to an
> assertion failure" you were thinking of?

No. As far as I know, no CVE# has yet been assigned. The vulnerability
was discovered by the Zero Day Initiative:
https://www.zerodayinitiative.com/advisories/ZDI-21-502/

They write that it has been fixed in 9.11.31 and 9.16.15 and that it was
definitely present in 9.16.13. I am currently searching for what may be
the fix but the code is pretty complex ...

Thanks,

Josef
>
> https://kb.isc.org/docs/cve-2020-8622?highlight=%20%20CVE:%20%20%20CVE-2020-8622%20%20%20%20Document%20version:%20%202.0%20%20%20Posting%20date:%20%2020%20August%202020%20%20%20Program%20impacted:%20%20%20BIND%20%20%20%20Versions%20affected:%20%20BIND%209.0.0%20->%209.11.21,%209.12.0%20->%209.16.5
>
> Kind Regards Peter
> ------------------------------------------------------------------------
> *From:* bind-workers <bind-workers-bounces at lists.isc.org> on behalf of
> Josef Moellers <jmoellers at suse.de>
> *Sent:* 10 June 2021 11:43
> *To:* bind-workers at lists.isc.org <bind-workers at lists.isc.org>
> *Subject:* ISC BIND TKEY Query Out-Of-Bounds Read Information Disclosure
> Vulnerability
>
> Hi,
>
> Some time ago, this vulnerability was disclosed, but I cannot find any
> trace of the fix for this in the latest CHANGES file.
>
> As I need to backport the fix to older versions, can anyone describe
> where and how this was fixed?
>
> Thanks and ... stay safe!
>
> Josef
>
> --
> SUSE Software Solutions Germany GmbH
> Maxfeldstr. 5
> 90409 Nürnberg
> Germany
>
> (HRB 36809, AG Nürnberg)
> Geschäftsführer: Felix Imendörffer
>
> _______________________________________________
> bind-workers mailing list
> bind-workers at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-workers


--
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg
Germany

(HRB 36809, AG Nürnberg)
Geschäftsführer: Felix Imendörffer