Bug 1550602 (CVE-2018-5734)

Summary: CVE-2018-5734 bind: A malformed request can trigger an assertion failure in badcache.c
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: jpopelka, mruprich, msehnout, pemensik, pzhukov, thozza, vonsch, zdohnal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-01 15:16:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Adam Mariš 2018-03-01 15:14:03 UTC 
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode.  If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information.

External References:

https://kb.isc.org/article/AA-01562/
Comment 1 Adam Mariš 2018-03-01 15:14:12 UTC 
Acknowledgments:

Name: ISC
Comment 2 Adam Mariš 2018-03-01 15:16:36 UTC 
Statement:

This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the vulnerable code.