named: stack smashing attack in function query_find

[richard.scott]

I've recently upgraded to bind-9.3.4 and when I try and emerge with the "idn" flag I get a stack error when running the daemon:

Code: Select all

named: stack smashing attack in function query_find

Once you try and query a zone file that the bind server is a master for it kills the daemon and reports a stack smashing error!

If you re-compile with "-idn" then its all ok!

EDIT: ok, its not all ok without the IDN flag...it was late when I restarted my daemon and I didn't notice it crash again!

Has anyone else see this with a hardened system?

[guerro]

same problem here..... I think that it has the same problem like previous version (9.3.3, hard-masked 1 day after it become stable)....
I solved it masking last version and using old version (9.3.2). I hope that in the future this bug will be solved. Now I still waiting

[LostControl]

Has anyone else see this with a hardened system?

Same here

[babudro]

Same here. I'm glad to have found this reminder. I ran into this before (probably with 9.3.3) but forgot what I had done to fix it. These forums can sure save a guy a lot of head scratching.

[smoco]

Hi ,
After bind update to version 9.3.4 , a cannot start bind , after start it is running few seconds a then fall down with
"unable to start stack smashing attack in function query_find" message.
Have anyone the same problem ??

ENVIROMENT
Hardened gentoo x86 , Pentium 4
kernel version 2.6.17-hardened-r1

[pent0z]

i had similar problems whit the hardened profile... named starts, but after some seconds goes down
switched back to the previous version

[smoco]

I've tried 9.2.8 and same thing , so I remove all /var/bind start bind and the same , it looks that only 9.3.2 is working correctly.

[tomk]

Merged previous three posts.

[richard.scott]

i had similar problems whit the hardened profile... named starts, but after some seconds goes down
switched back to the previous version

What are your CFLAGS set to?

I have mine set as follows:

Code: Select all

CFLAGS="-mtune=i686 -Os -pipe -fomit-frame-pointer"

I hear that if you try -O instead of -Os or -O2 that it may be ok.....I read that on a bug report somewhere but not tested it yet as it would mean a total rebuild of my server


EDIT: ok, after a total rebuild with -O and not -Os its still the same

[chashab]

Has anyone solved this issue yet?

I'm going to downgrade for now. If someone else is considering downgrading, note [glsa=200702-06][ GLSA 200702-06 ] BIND: Denial of Service[/glsa].

Update: Should have read the previous posts more closely:

I've tried 9.2.8 and same thing , so I remove all /var/bind start bind and the same , it looks that only 9.3.2 is working correctly.

The problem is 9.3.2 suffers from the aforementioned GLSA 200702-06. In other words, there is no viable bind version for a hardened system at this point.

Update: What I did is use gcc-config to switch to a non hardened gcc. Recompiled the most recent bind and switched gcc back afterwards. So no hardened bind, but better than running a vulnerable version.

[s_wilk]

Hi,


You don't need to downgrade it.

Just switch gcc to hardenednossp version and recompile bind.
It works then.

--
Regards,
Szymon Wilkolazki

[richard.scott]

Hi,


You don't need to downgrade it.

Just switch gcc to hardenednossp version and recompile bind.
It works then.

--
Regards,
Szymon Wilkolazki

does this make the service less secure?