ID CVE-2012-2134
Summary The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infinite loop and named server hang) via a non-alphabet character in the base DN in an LDAP search DNS query.
References
Vulnerable Configurations
  • Martin Nagy bind-dyndb-ldap 1.1.0b2
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:b2
  • Martin Nagy bind-dyndb-ldap 1.1.0b1
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:b1
  • Martin Nagy bind-dyndb-ldap 1.1.0a2
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:a2
  • Martin Nagy bind-dyndb-ldap 1.1.0a1
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:a1
  • Martin Nagy bind-dyndb-ldap 1.0.0 release candidate 1
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.0.0:rc1
  • Martin Nagy bind-dyndb-ldap 1.0.0b1
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.0.0:b1
  • Martin Nagy bind-dyndb-ldap 0.2.0
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.2.0
  • Martin Nagy bind-dyndb-ldap 0.1.0b
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:b
  • Martin Nagy bind-dyndb-ldap 0.1.0a1
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:a1
CVSS
Base: 4.3 (as of 27-02-2014 - 10:20)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0683.NASL
    description An updated bind-dyndb-ldap package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap handled LDAP query errors. If a remote attacker were able to send DNS queries to a named server that is configured to use bind-dyndb-ldap, they could trigger such an error with a DNS query leveraging bind-dyndb-ldap's insufficient escaping of the LDAP base DN (distinguished name). This would result in an invalid LDAP query that named would retry in a loop, preventing it from responding to other DNS queries. With this update, bind-dyndb-ldap only attempts to retry one time when an LDAP search returns an unexpected error. (CVE-2012-2134) Red Hat would like to thank Ronald van Zantvoort for reporting this issue. All bind-dyndb-ldap users should upgrade to this updated package, which contains a backported patch to correct this issue. For the update to take effect, the named service must be restarted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59224
    published 2012-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59224
    title RHEL 6 : bind-dyndb-ldap (RHSA-2012:0683)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-6722.NASL
    description Update to the 1.1.0rc1 version which fixes CVE-2012-2134. - it was possible to DoS named process by query which contained non-alphabet characters and which belongs to zone served by the plugin. (CVE-2012-2134) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 59099
    published 2012-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59099
    title Fedora 16 : bind-dyndb-ldap-1.1.0-0.11.rc1.fc16 (2012-6722)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-6666.NASL
    description Update to the 1.1.0rc1 version which fixes CVE-2012-2134. - it was possible to DoS named process by query which contained non-alphabet characters and which belongs to zone served by the plugin. (CVE-2012-2134) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 59259
    published 2012-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59259
    title Fedora 17 : bind-dyndb-ldap-1.1.0-0.11.rc1.fc17 (2012-6666)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120521_BIND_DYNDB_LDAP_ON_SL6_X.NASL
    description The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap handled LDAP query errors. If a remote attacker were able to send DNS queries to a named server that is configured to use bind-dyndb-ldap, they could trigger such an error with a DNS query leveraging bind-dyndb-ldap's insufficient escaping of the LDAP base DN (distinguished name). This would result in an invalid LDAP query that named would retry in a loop, preventing it from responding to other DNS queries. With this update, bind-dyndb-ldap only attempts to retry one time when an LDAP search returns an unexpected error. (CVE-2012-2134) All bind-dyndb-ldap users should upgrade to this updated package, which contains a backported patch to correct this issue. For the update to take effect, the named service must be restarted.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61314
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61314
    title Scientific Linux Security Update : bind-dyndb-ldap on SL6.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0683.NASL
    description An updated bind-dyndb-ldap package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap handled LDAP query errors. If a remote attacker were able to send DNS queries to a named server that is configured to use bind-dyndb-ldap, they could trigger such an error with a DNS query leveraging bind-dyndb-ldap's insufficient escaping of the LDAP base DN (distinguished name). This would result in an invalid LDAP query that named would retry in a loop, preventing it from responding to other DNS queries. With this update, bind-dyndb-ldap only attempts to retry one time when an LDAP search returns an unexpected error. (CVE-2012-2134) Red Hat would like to thank Ronald van Zantvoort for reporting this issue. All bind-dyndb-ldap users should upgrade to this updated package, which contains a backported patch to correct this issue. For the update to take effect, the named service must be restarted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59233
    published 2012-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59233
    title CentOS 6 : bind-dyndb-ldap (CESA-2012:0683)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-6759.NASL
    description Update to the 1.1.0rc1 version which fixes CVE-2012-2134. - it was possible to DoS named process by query which contained non-alphabet characters and which belongs to zone served by the plugin. (CVE-2012-2134) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 59100
    published 2012-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59100
    title Fedora 15 : bind-dyndb-ldap-1.1.0-0.11.rc1.fc15 (2012-6759)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0683.NASL
    description From Red Hat Security Advisory 2012:0683 : An updated bind-dyndb-ldap package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap handled LDAP query errors. If a remote attacker were able to send DNS queries to a named server that is configured to use bind-dyndb-ldap, they could trigger such an error with a DNS query leveraging bind-dyndb-ldap's insufficient escaping of the LDAP base DN (distinguished name). This would result in an invalid LDAP query that named would retry in a loop, preventing it from responding to other DNS queries. With this update, bind-dyndb-ldap only attempts to retry one time when an LDAP search returns an unexpected error. (CVE-2012-2134) Red Hat would like to thank Ronald van Zantvoort for reporting this issue. All bind-dyndb-ldap users should upgrade to this updated package, which contains a backported patch to correct this issue. For the update to take effect, the named service must be restarted.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68530
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68530
    title Oracle Linux 6 : bind-dyndb-ldap (ELSA-2012-0683)
redhat via4
advisories
bugzilla
id 815846
title CVE-2012-2134 bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap
oval
AND
  • comment bind-dyndb-ldap is earlier than 0:0.2.0-7.el6_2.1
    oval oval:com.redhat.rhsa:tst:20120683005
  • comment bind-dyndb-ldap is signed with Red Hat redhatrelease2 key
    oval oval:com.redhat.rhsa:tst:20120683006
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
rhsa
id RHSA-2012:0683
released 2012-05-21
severity Important
title RHSA-2012:0683: bind-dyndb-ldap security update (Important)
rpms bind-dyndb-ldap-0:0.2.0-7.el6_2.1
refmap via4
confirm
mlist
  • [Freeipa-users] 20120424 named-dyndb-ldap looses connection when the LDAP server is under high load
  • [oss-security] 20140424 Re: CVE Request -- bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap
osvdb 81619
secunia 48901
Last major update 10-03-2014 - 15:18
Published 26-02-2014 - 10:55
Back to Top