Oval Definition:oval:com.redhat.rhsa:def:20120683
Revision Date:2012-05-21Version:635
Title:RHSA-2012:0683: bind-dyndb-ldap security update (Important)
Description:The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers.

  • A flaw was found in the way bind-dyndb-ldap handled LDAP query errors. If a remote attacker were able to send DNS queries to a named server that is configured to use bind-dyndb-ldap, they could trigger such an error with a DNS query leveraging bind-dyndb-ldap's insufficient escaping of the LDAP base DN (distinguished name). This would result in an invalid LDAP query that named would retry in a loop, preventing it from responding to other DNS queries. With this update, bind-dyndb-ldap only attempts to retry one time when an LDAP search returns an unexpected error. (CVE-2012-2134)

    Red Hat would like to thank Ronald van Zantvoort for reporting this issue.

    All bind-dyndb-ldap users should upgrade to this updated package, which contains a backported patch to correct this issue. For the update to take effect, the named service must be restarted.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2012-2134
    CVE-2012-2134
    RHSA-2012:0683
    RHSA-2012:0683-01
    RHSA-2012:0683-01
    Platform(s):Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND bind-dyndb-ldap is earlier than 0:0.2.0-7.el6_2.1
  • AND bind-dyndb-ldap is signed with Red Hat redhatrelease2 key
  • BACK