Skip to content

GitLab

Projects Groups Snippets

/

Help
Register
Sign in

BIND
Project information
- Project information
- Activity
- Labels
- Members
Repository
- Repository
- Files
- Commits
- Branches
- Tags
- Contributors
- Graph
- Compare
Issues 610
- Issues 610
- List
- Boards
- Service Desk
- Milestones
Merge requests 87
- Merge requests 87
CI/CD
- CI/CD
- Pipelines
- Jobs
- Schedules
Deployments
- Deployments
- Environments
- Releases
Packages and registries
- Packages and registries
- Container Registry
Monitor
- Monitor
- Incidents
Analytics
- Analytics
- Value stream
- CI/CD
- Repository
Wiki
- Wiki
Snippets
- Snippets
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards

Collapse sidebar

ISC Open Source Projects
BIND
Issues
#3112

Closed

Open

Issue created Jan 26, 2022 by Dan Theisen @djtContributor15 of 15 checklist items completed15/15 checklist items

[CVE-2022-0396] DoS in BIND via lingering TCP sockets stuck in CLOSE-WAIT

An issue in BIND can consume TCP connection slots indefinitely via a specifically crafted TCP stream sent by a client.

https://wiki.isc.org/bin/view/Main/SecurityIncident202201TCPStuckInCloseWaitDoS

CVE-specific actions

Assign a CVE identifier: CVE-2022-0396
Determine CVSS score: 4.9 total (5.3 base), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Determine the range of BIND versions affected (including the Subscription Edition)
Determine whether workarounds for the problem exists
- Issue can be mitigated by setting keep-repsonse-order { "none"; };
Create a draft of the security advisory and put the information above in there
- https://mattermost.isc.org/isc/channels/cve-2022-0396-dos-lingering-tcp-sockets/hyt7spw4dpnpf89nfra5htuexy
Prepare a detailed description of the problem which should include the following by default:
- instructions for reproducing the problem (a system test is good enough)
  - The configuration option keep-response-order { "any"; }; must be set on the server.
  - A script which reproduces the issue is attached I-root-19872-linger-repro_bind-9.16.py
    - Client opens TCP socket with server with SO_LINGER sockopt set to >0
    - Client must send at least ONE properly formed query to the server
    - Client sends any additional garbage to server over socket
    - Client closes socket and walks away
    - Connection on server side stays in CLOSE-WAIT indefinitely
- #3112 (comment 265790)
Prepare a private merge request containing the following items in separate commits:
- a test for the issue (may be moved to a separate merge request for deferred merging)
  - https://gitlab.isc.org/isc-private/bind9/-/merge_requests/354
- a fix for the issue
- documentation updates (CHANGES, release notes, anything else applicable)
  - https://gitlab.isc.org/isc-private/bind9/-/merge_requests/353
Ensure the merge request from the previous step is reviewed by SWENG staff and has no outstanding discussions
Ensure the documentation changes introduced by the merge request addressing the problem are reviewed by Support and Marketing staff
Prepare backports of the merge request addressing the problem for all affected (and still maintained) BIND branches (backporting might affect the issue's scope and/or description)
Prepare a standalone patch for the last stable release of each affected (and still maintained) BIND branch

Release-specific actions

Create/update the private issue containing links to fixes & reproducers for all CVEs fixed in a given release cycle
Reserve a block of CHANGES placeholders once the complete set of vulnerabilities fixed in a given release cycle is determined
Ensure the merge requests containing CVE fixes are merged into security-* branches in CVE identifier order

Post-disclosure actions

Merge a regression test reproducing the bug into all affected (and still maintained) BIND branches

Edited Apr 08, 2022 by Michal Nowak

Assignee

Assign to

Time tracking