Security Advisory Important: bind-dyndb-ldap security update

Advisory: RHSA-2012:0683-1
Type: Security Advisory
Severity: Important
Issued on: 2012-05-21
Last updated on: 2012-05-21
Affected Products:
    Red Hat Enterprise Linux Server (v. 6)
    Red Hat Enterprise Linux Server AUS (v. 6.2)
    Red Hat Enterprise Linux Server EUS (v. 6.2.z)
    Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-2134

Details

An updated bind-dyndb-ldap package that fixes one security issue is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The dynamic LDAP back end is a plug-in for BIND that provides back-end
capabilities to LDAP databases. It features support for dynamic updates
and internal caching that help to reduce the load on LDAP servers.

A flaw was found in the way bind-dyndb-ldap handled LDAP query errors. If a
remote attacker were able to send DNS queries to a named server that is
configured to use bind-dyndb-ldap, they could trigger such an error with a
DNS query leveraging bind-dyndb-ldap's insufficient escaping of the LDAP
base DN (distinguished name). This would result in an invalid LDAP query
that named would retry in a loop, preventing it from responding to other
DNS queries. With this update, bind-dyndb-ldap only attempts to retry one
time when an LDAP search returns an unexpected error. (CVE-2012-2134)
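
The flaw described above has two parts: a DNS name reaching the LDAP base DN without sufficient escaping, and an unbounded retry after the resulting search error. The following is an added example, not the bind-dyndb-ldap patch; `dn_escape_label`, `search_bounded`, the allowlist and the always-failing stub are hypothetical. It hex-escapes a label in RFC 4514 form and caps the search at one retry.

```c
#include <stdio.h>

/* Bytes allowed unescaped in the RDN value (an assumed allowlist). */
static int is_plain(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '_';
}

/* Copy label, writing every other byte as an RFC 4514 "\XX" hex escape.
 * Returns the length written, or -1 if out is too small. */
int dn_escape_label(const char *label, size_t len, char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)label[i];
        size_t need = is_plain(c) ? 1 : 3;
        if (o + need >= outsz) return -1;        /* keep room for the NUL */
        if (need == 1) { out[o++] = (char)c; continue; }
        out[o++] = '\\'; out[o++] = hex[c >> 4]; out[o++] = hex[c & 0x0F];
    }
    if (o >= outsz) return -1;
    out[o] = '\0';
    return (int)o;
}

typedef int (*search_fn)(const char *base_dn);   /* 0 = ok, else error */
/* Run the search; after an error, retry at most max_retries times. */
int search_bounded(search_fn search, const char *base_dn, int max_retries, int *attempts)
{
    int rc = -1;
    for (*attempts = 0; rc != 0 && *attempts <= max_retries; (*attempts)++)
        rc = search(base_dn);
    return rc;
}

/* Constructed stand-in for an LDAP search that always errors. */
static int always_fails(const char *base_dn) { (void)base_dn; return -1; }

int main(void)
{
    char rdn[64];
    int attempts, rc;
    dn_escape_label("a,b", 3, rdn, sizeof rdn);   /* constructed label */
    rc = search_bounded(always_fails, rdn, 1, &attempts);
    printf("%s rc=%d attempts=%d\n", rdn, rc, attempts);
    return 0;
}
```

With `max_retries` set to 1 the caller gets the error back after two attempts and can answer the DNS query with a failure instead of blocking.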

Red Hat would like to thank Ronald van Zantvoort for reporting this issue.

All bind-dyndb-ldap users should upgrade to this updated package, which
contains a backported patch to correct this issue. For the update to take
effect, the named service must be restarted.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Server (v. 6)

SRPMS:
bind-dyndb-ldap-0.2.0-7.el6_2.1.src.rpm
File outdated by: RHBA-2013:1636

IA-32:
bind-dyndb-ldap-0.2.0-7.el6_2.1.i686.rpm
File outdated by: RHBA-2013:1636
bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.i686.rpm
File outdated by: RHBA-2013:1636

PPC:
bind-dyndb-ldap-0.2.0-7.el6_2.1.ppc64.rpm
File outdated by: RHBA-2013:1636
bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.ppc64.rpm
File outdated by: RHBA-2013:1636

s390x:
bind-dyndb-ldap-0.2.0-7.el6_2.1.s390x.rpm
File outdated by: RHBA-2013:1636
bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.s390x.rpm
File outdated by: RHBA-2013:1636

x86_64:
bind-dyndb-ldap-0.2.0-7.el6_2.1.x86_64.rpm
File outdated by: RHBA-2013:1636
bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.x86_64.rpm
File outdated by: RHBA-2013:1636
 
Red Hat Enterprise Linux Server AUS (v. 6.2)

SRPMS:
bind-dyndb-ldap-0.2.0-7.el6_2.1.src.rpm
File outdated by: RHBA-2013:1636

x86_64:
bind-dyndb-ldap-0.2.0-7.el6_2.1.x86_64.rpm
bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.x86_64.rpm
 
Red Hat Enterprise Linux Server EUS (v. 6.2.z)

SRPMS:
bind-dyndb-ldap-0.2.0-7.el6_2.1.src.rpm
File outdated by: RHBA-2013:1636

IA-32:
bind-dyndb-ldap-0.2.0-7.el6_2.1.i686.rpm
bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.i686.rpm

PPC:
bind-dyndb-ldap-0.2.0-7.el6_2.1.ppc64.rpm
bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.ppc64.rpm

s390x:
bind-dyndb-ldap-0.2.0-7.el6_2.1.s390x.rpm
bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.s390x.rpm

x86_64:
bind-dyndb-ldap-0.2.0-7.el6_2.1.x86_64.rpm
bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
bind-dyndb-ldap-0.2.0-7.el6_2.1.src.rpm
File outdated by: RHBA-2013:1636

IA-32:
bind-dyndb-ldap-0.2.0-7.el6_2.1.i686.rpm
File outdated by: RHBA-2013:1636
bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.i686.rpm
File outdated by: RHBA-2013:1636

x86_64:
bind-dyndb-ldap-0.2.0-7.el6_2.1.x86_64.rpm
File outdated by: RHBA-2013:1636
bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.x86_64.rpm
File outdated by: RHBA-2013:1636
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

815846 - CVE-2012-2134 bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/