    Fix off-by-one bug in ISC SPNEGO implementation · b04cb884
    Ondřej Surý authored and Michał Kępień committed
    The ISC SPNEGO implementation is based on mod_auth_kerb code.  When
    CVE-2006-5989 was disclosed, the relevant fix was not applied to the
    BIND 9 codebase, making the latter vulnerable to the aforementioned flaw
    when "tkey-gssapi-keytab" or "tkey-gssapi-credential" is set in
    named.conf.
    
    The original description of CVE-2006-5989 was:
    
        Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0
        allows remote attackers to cause a denial of service (crash) via a
        crafted Kerberos message that triggers a heap-based buffer overflow
        in the component array.
    
    Later research revealed that this flaw also theoretically enables remote
    code execution, though achieving the latter in real-world conditions is
    currently deemed very difficult.
    
    This vulnerability was responsibly reported as ZDI-CAN-12302 ("ISC BIND
    TKEY Query Heap-based Buffer Overflow Remote Code Execution
    Vulnerability") by Trend Micro Zero Day Initiative.