CVE-2022-0396 BIND 9.16.11 -> 9.18.0 and version 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition.

CVE-2022-0396 BIND 9.16.11 -> 9.18.0 and version 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition.

This issue affects servers that rely on the query mechanism to accept incoming connections. Servers that rely on the connection-close mechanism to release resources will often stay in CLOSE_WAIT state, awaiting a connection close. In the case where a stream is causing this issue, the server will remain in CLOSE_WAIT state for an indefinite period of time. This can happen even if the stream was closed by the client or was not opened in the first place. The server may stay in CLOSE_WAIT state for a long time, preventing any other clients from connecting. Servers that use the query mechanism to accept incoming connections are not directly affected by this issue. Only those servers that rely on the connection-close mechanism will stay in CLOSE_WAIT state.

Fixing the Issue

The issue can be fixed by adding the following line to the configuration file:
server_idle = off
to enable idle server detection. This will cause a server to remain in IDLE state if no other connections are detected. Also, make sure that the server is configured with a fair share of CPU cores.

Workaround

In order to work around this issue, open the connections on a different TCP port.

Which Linux distributions are affected by this issue?

All current versions of Linux are affected by this issue. The following distributions have been confirmed to have the issue:

Debian (6.x)
Red Hat Enterprise Linux (7.x)
Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS
CentOS 7

Discovery

This issue is not publicly known, and therefore customers are not likely to encounter this problem.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe