Bug 1315680 – CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1315680 - (CVE-2016-1286) CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure

Summary:	CVE-2016-1286 bind: malformed signature records for DNAME records can trigger...

Status:	CLOSED ERRATA

Aliases:	CVE-2016-1286

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	high Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=important,public=20160309,repo...
Keywords:	Security

Duplicates:	1318738 (view as bug list)
Depends On:	1315717 1315718 1315719 1315720 1315721 1315722 1316445 1316446 1318949 1318950 1318951 1322285
Blocks:	1315695 1320435 1322722
	Show dependency tree / graph

Reported:	2016-03-08 07:17 EST by Martin Prpič
Modified:	2016-04-06 08:03 EDT (History)
CC List:	11 users (show)

See Also:
Fixed In Version:	bind 9.9.8-P4, bind 9.10.3-P4, bind 9.9.8-S6
Doc Type:	Bug Fix
Doc Text:	A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2016-04-06 08:03:46 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:0458	normal	SHIPPED_LIVE	Important: bind97 security update	2016-03-16 12:53:36 EDT
Red Hat Product Errata	RHSA-2016:0459	normal	SHIPPED_LIVE	Important: bind security update	2016-03-16 13:34:56 EDT
Red Hat Product Errata	RHSA-2016:0562	normal	SHIPPED_LIVE	Important: bind security update	2016-03-31 17:56:54 EDT
Red Hat Product Errata	RHSA-2016:0601	normal	SHIPPED_LIVE	Important: bind security update	2016-04-06 11:14:35 EDT

Groups: None (edit)

Description Martin Prpič 2016-03-08 07:17:16 EST

The following flaw, reported by ISC, was found in BIND:

An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c.

An attacker able to cause a server to make a query deliberately chosen to generate a response containing a signature record which would exercise this vulnerability can cause named to stop execution with an assertion failure, resulting in denial of service to clients. Recursive resolvers are at the highest risk of vulnerability to this attack but authoritative-only servers may be also be vulnerable if the attacker can control the answers for records requested when the authoritative server is performing service on zones (e.g. a slave server doing SOA queries.) Servers may be affected even if they are not performing validation or have DNSSEC disabled entirely as long as they receive a response containing offending signature records. Disabling DNSSEC does not provide protection against this vulnerability.

External References:

https://kb.isc.org/article/AA-01353

Comment 1 Martin Prpič 2016-03-08 07:17:20 EST

Acknowledgments:

Name: ISC

Comment 5 Huzaifa S. Sidhpurwala 2016-03-10 04:11:27 EST

Public via:

https://kb.isc.org/article/AA-01353

Comment 6 Huzaifa S. Sidhpurwala 2016-03-10 04:36:04 EST

Created bind tracking bugs for this issue:

Affects: fedora-all [bug 1316445]

Comment 7 Huzaifa S. Sidhpurwala 2016-03-10 04:36:10 EST

Created bind99 tracking bugs for this issue:

Affects: fedora-all [bug 1316446]

Comment 8 Tomas Hoger 2016-03-15 04:47:45 EDT

Upstream commits:

https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=a3d327bf1ceaaeabb20223d8de85166e940b9f12
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=7602be276a73a6eb5431c5acd9718e68a55e8b61

Comment 9 errata-xmlrpc 2016-03-16 08:54:19 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2016:0458 https://rhn.redhat.com/errata/RHSA-2016-0458.html

Comment 10 errata-xmlrpc 2016-03-16 09:35:44 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2016:0459 https://rhn.redhat.com/errata/RHSA-2016-0459.html

Comment 13 errata-xmlrpc 2016-03-31 13:57:14 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Extended Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.4 Advanced Update Support

Via RHSA-2016:0562 https://rhn.redhat.com/errata/RHSA-2016-0562.html

Comment 14 Tomáš Hozza 2016-04-01 10:55:00 EDT

*** Bug 1318738 has been marked as a duplicate of this bug. ***

Comment 15 errata-xmlrpc 2016-04-06 07:17:15 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.2 Advanced Update Support

Via RHSA-2016:0601 https://rhn.redhat.com/errata/RHSA-2016-0601.html

Note You need to log in before you can comment on or make changes to this bug.