Bug 1291186 (CVE-2015-8461)
Summary: | CVE-2015-8461 bind: race condition when handling socket errors can lead to an assertion failure in resolver.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | nicku, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | bind 9.9.8-P2, bind 9.10.3-P2 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-12-15 21:09:49 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1291911 | ||
Bug Blocks: | 1291188 |
Description
Martin Prpič
2015-12-14 09:12:28 UTC
Acknowledgements: Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges John O'Brien of the University of Pennsylvania as the original reporter. Public now via upstream advisory. External References: https://kb.isc.org/article/AA-01319 Created bind tracking bugs for this issue: Affects: fedora-23 [bug 1291911] No Red Hat product included affected bind versions. Is this not the same vulnerability that caught us yesterday: 16-Dec-2015 03:33:25.000 client: client 10.206.88.22#11109: recursive-clients soft limit exceeded (9904/9900/10000), aborting oldest query 16-Dec-2015 03:33:25.940 general: resolver.c:3123: REQUIRE((((fctx->finds).head == ((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed 16-Dec-2015 03:33:25.941 general: exiting (due to assertion failure) 16-Dec-2015 06:29:47.000 client: client 49.199.24.156#43970: recursive-clients soft limit exceeded (9909/9900/10000), aborting oldest query 16-Dec-2015 06:29:47.521 general: resolver.c:3123: REQUIRE((((fctx->finds).head == ((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed 16-Dec-2015 06:29:47.521 general: exiting (due to assertion failure) 16-Dec-2015 06:29:08.000 client: client 10.204.43.127#5035: recursive-clients soft limit exceeded (9907/9900/10000), aborting oldest query 16-Dec-2015 06:29:08.556 general: resolver.c:3123: REQUIRE((((fctx->finds).head == ((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed 16-Dec-2015 06:29:08.556 general: exiting (due to assertion failure) 16-Dec-2015 13:23:39.002 client: client 110.21.91.221#53551: recursive-clients soft limit exceeded (9901/9900/10000), aborting oldest query 16-Dec-2015 13:23:39.817 general: resolver.c:3123: REQUIRE((((fctx->finds).head == ((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed 16-Dec-2015 13:23:39.817 general: exiting (due to assertion failure) 16-Dec-2015 13:54:45.000 client: client 10.204.44.161#28244: recursive-clients soft limit exceeded (9901/9900/10000), aborting oldest query 16-Dec-2015 13:54:45.592 general: resolver.c:3123: REQUIRE((((fctx->finds).head == ((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed 16-Dec-2015 13:54:45.592 general: exiting (due to assertion failure) 16-Dec-2015 15:44:36.000 client: client 49.195.170.22#18817: recursive-clients soft limit exceeded (9901/9900/10000), aborting oldest query 16-Dec-2015 15:44:36.716 general: resolver.c:3123: REQUIRE((((fctx->finds).head == ((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed 16-Dec-2015 15:44:36.716 general: exiting (due to assertion failure) 16-Dec-2015 06:27:36.000 client: client 10.204.247.33#14995: recursive-clients soft limit exceeded (9901/9900/10000), aborting oldest query 16-Dec-2015 06:27:36.613 general: resolver.c:3123: REQUIRE((((fctx->finds).head == ((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed 16-Dec-2015 06:27:36.614 general: exiting (due to assertion failure) 16-Dec-2015 06:50:06.000 client: client 49.195.168.80#59498: recursive-clients soft limit exceeded (9909/9900/10000), aborting oldest query 16-Dec-2015 06:50:06.376 general: resolver.c:3123: REQUIRE((((fctx->finds).head == ((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed 16-Dec-2015 06:50:06.376 general: exiting (due to assertion failure) 16-Dec-2015 11:27:51.008 client: client 58.111.135.165#58059: recursive-clients soft limit exceeded (9901/9900/10000), aborting oldest query 16-Dec-2015 11:27:51.195 general: resolver.c:3123: REQUIRE((((fctx->finds).head == ((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed 16-Dec-2015 11:27:51.195 general: exiting (due to assertion failure) 16-Dec-2015 12:54:55.002 client: client 10.204.10.25#10198: recursive-clients soft limit exceeded (9901/9900/10000), aborting oldest query 16-Dec-2015 12:54:55.765 general: resolver.c:3123: REQUIRE((((fctx->finds).head == ((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed 16-Dec-2015 12:54:55.765 general: exiting (due to assertion failure) 16-Dec-2015 13:47:52.001 client: client 1.40.136.246#58047: recursive-clients soft limit exceeded (9901/9900/10000), aborting oldest query 16-Dec-2015 13:47:52.285 general: resolver.c:3123: REQUIRE((((fctx->finds).head == ((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed 16-Dec-2015 13:47:52.285 general: exiting (due to assertion failure) This was bind-*9.8.2-0.37.rc1.el6_7.4.x86_64 We have upgraded to bind-*9.8.2-0.37.rc1.el6_7.5.x86_64, but are you saying that what we see cannot happen? Upstream commit as applied to 9.9.8: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=07970f1c57b61a06f71f0db0ce103bf31ea8f1c9 bind-9.10.3-7.P2.fc23, bind-dyndb-ldap-8.0-4.fc23, dnsperf-2.0.0.0-19.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. bind-9.10.3-7.P2.fc22, bind-dyndb-ldap-7.0-6.fc22, dnsperf-2.0.0.0-19.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. |