Bug 1378380 (CVE-2016-2776)
Summary: | CVE-2016-2776 bind: assertion failure in buffer.c while building responses to a specifically constructed request | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhiru Kholia <dkholia> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | fweimer, jeharris, jrusnack, mdshaikh, mjc, security-response-team, slawomir, thozza, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | bind 9.9.9-P3, bind 9.10.4-P3 | Doc Type: | If docs needed, set a value |
Doc Text: |
A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-09-28 20:03:24 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1379214, 1379215, 1379219, 1379220, 1379247, 1379249, 1379818, 1379819, 1384591, 1384592, 1384593, 1384594, 1384808, 1429957 | ||
Bug Blocks: | 1378299 |
Description
Dhiru Kholia
2016-09-22 10:11:33 UTC
Acknowledgments: Name: ISC Created bind tracking bugs for this issue: Affects: fedora-all [bug 1379818] Created bind99 tracking bugs for this issue: Affects: fedora-all [bug 1379819] External References: https://kb.isc.org/article/AA-01419/0 This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2016:1945 https://rhn.redhat.com/errata/RHSA-2016-1945.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2016:1944 https://rhn.redhat.com/errata/RHSA-2016-1944.html An exploit for this flaw is now public. For details see the following links, https://github.com/infobyte/CVE-2016-2776/blob/master/namedown.py https://github.com/rapid7/metasploit-framework/pull/7382 http://blog.infobytesec.com/2016/10/a-tale-of-dns-packet-cve-2016-2776.html Upstream commit: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=2bd0922cf995b9ac205fc83baf7e220b95c6bf12 This issue has been addressed in the following products: Red Hat Enterprise Linux 6.7 Extended Update Support Red Hat Enterprise Linux 6.6 Extended Update Support Red Hat Enterprise Linux 6.5 Advanced Update Support Red Hat Enterprise Linux 6.4 Advanced Update Support Red Hat Enterprise Linux 6.2 Advanced Update Support Red Hat Enterprise Linux 6.5 Telco Extended Update Support Via RHSA-2016:2099 https://rhn.redhat.com/errata/RHSA-2016-2099.html |