<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Hi Josef,</div>
<div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Sounds like it may be CVE-2021-25216: "A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack" that you're looking for.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<a href="https://kb.isc.org/docs/cve-2021-25216" id="LPlnk717076">https://kb.isc.org/docs/cve-2021-25216</a><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Kind Regards Peter</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<div>
<div id="divtagdefaultwrapper" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
Sent from <a href="http://aka.ms/weboutlook">Outlook</a></div>
</div>
</div>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Josef Moellers <jmoellers@suse.de><br>
<b>Sent:</b> 10 June 2021 12:00<br>
<b>To:</b> Peter Davies <peter.watson.davies@outlook.com><br>
<b>Cc:</b> bind-workers@lists.isc.org <bind-workers@lists.isc.org><br>
<b>Subject:</b> Re: ISC BIND TKEY Query Out-Of-Bounds Read Information Disclosure Vulnerability</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">Hello Peter,<br>
<br>
On 10.06.21 11:57, Peter Davies wrote:<br>
> Hi Josef,<br>
> Was it "CVE-2020-8622: A truncated TSIG response can lead to an<br>
> assertion failure" you were thinking of?<br>
<br>
No. As far as I know, no CVE# has yet been assigned. The vulnerability<br>
was discovered by the Zero Day Initiative:<br>
<a href="https://www.zerodayinitiative.com/advisories/ZDI-21-502/">https://www.zerodayinitiative.com/advisories/ZDI-21-502/</a><br>
<br>
They write that it has been fixed in 9.11.31 and 9.16.15 and that it was<br>
definitely present in 9.16.13. I am currently searching for what may be<br>
the fix, but the code is pretty complex ...<br>
<br>
Thanks,<br>
<br>
Josef<br>
> <br>
> <a href="https://kb.isc.org/docs/cve-2020-8622?highlight=%20%20CVE:%20%20%20CVE-2020-8622%20%20%20%20Document%20version:%20%202.0%20%20%20Posting%20date:%20%2020%20August%202020%20%20%20Program%20impacted:%20%20%20BIND%20%20%20%20Versions%20affected:%20%20BIND%209.0.0%20->%209.11.21,%209.12.0%20->%209.16.5">
https://kb.isc.org/docs/cve-2020-8622?highlight=%20%20CVE:%20%20%20CVE-2020-8622%20%20%20%20Document%20version:%20%202.0%20%20%20Posting%20date:%20%2020%20August%202020%20%20%20Program%20impacted:%20%20%20BIND%20%20%20%20Versions%20affected:%20%20BIND%209.0.0%20->%209.11.21,%209.12.0%20->%209.16.5</a><br>
> <br>
> Kind Regards Peter<br>
> Sent from Outlook <<a href="http://aka.ms/weboutlook">http://aka.ms/weboutlook</a>><br>
> ------------------------------------------------------------------------<br>
> *From:* bind-workers <bind-workers-bounces@lists.isc.org> on behalf of<br>
> Josef Moellers <jmoellers@suse.de><br>
> *Sent:* 10 June 2021 11:43<br>
> *To:* bind-workers@lists.isc.org <bind-workers@lists.isc.org><br>
> *Subject:* ISC BIND TKEY Query Out-Of-Bounds Read Information Disclosure<br>
> Vulnerability<br>
> <br>
> Hi,<br>
> <br>
> Some time ago, this vulnerability was disclosed, but I cannot find any<br>
> trace of the fix for this in the latest CHANGES file.<br>
> <br>
> As I need to backport the fix to older versions, can anyone describe<br>
> where and how this was fixed?<br>
> <br>
> Thanks and ... stay safe!<br>
> <br>
> Josef<br>
> <br>
> -- <br>
> SUSE Software Solutions Germany GmbH<br>
> Maxfeldstr. 5<br>
> 90409 Nürnberg<br>
> Germany<br>
> <br>
> (HRB 36809, AG Nürnberg)<br>
> Geschäftsführer: Felix Imendörffer<br>
> <br>
> _______________________________________________<br>
> bind-workers mailing list<br>
> bind-workers@lists.isc.org<br>
> <a href="https://lists.isc.org/mailman/listinfo/bind-workers">https://lists.isc.org/mailman/listinfo/bind-workers</a><br>
<br>
<br>
-- <br>
SUSE Software Solutions Germany GmbH<br>
Maxfeldstr. 5<br>
90409 Nürnberg<br>
Germany<br>
<br>
(HRB 36809, AG Nürnberg)<br>
Geschäftsführer: Felix Imendörffer<br>
</div>
</span></font></div>
</body>
</html>