Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1385450 - (CVE-2016-2848) CVE-2016-2848 bind: assertion failure triggered by a packet with malformed options
CVE-2016-2848 bind: assertion failure triggered by a packet with malformed op...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20161020,repo...
: Security
Depends On: 1385452 1385453 1385454 1385455 1386548 1386549 1386550 1386551 1386552
Blocks: 1383236
  Show dependency treegraph
 
Reported: 2016-10-17 01:02 EDT by Dhiru Kholia
Modified: 2016-11-08 10:54 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-10-25 06:42:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2093 normal SHIPPED_LIVE Important: bind security update 2016-10-20 20:40:07 EDT
Red Hat Product Errata RHSA-2016:2094 normal SHIPPED_LIVE Important: bind97 security update 2016-10-20 19:19:47 EDT
Red Hat Product Errata RHSA-2016:2099 normal SHIPPED_LIVE Important: bind security update 2016-10-25 08:47:07 EDT

  None (edit)
Description Dhiru Kholia 2016-10-17 01:02:43 EDT 
A packet with a malformed options section can be used to deliberately trigger an assertion failure affecting versions of BIND which do not contain change #3548.

A server vulnerable to this defect can be forced to exit with an assertion failure if it receives a malformed packet. Authoritative and recursive servers are both vulnerable.

https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=blob;f=CHANGES has more information on change #3548. The commit corresponding to this change is https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=4adf97c32fcca7d00e5756607fd045f2aab9c3d4.
Comment 14 Tomas Hoger 2016-10-20 14:19:58 EDT 
Public now via ISC upstream advisory.

External References:

https://kb.isc.org/article/AA-01433
Comment 15 errata-xmlrpc 2016-10-20 15:20:01 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2016:2094 https://rhn.redhat.com/errata/RHSA-2016-2094.html
Comment 16 errata-xmlrpc 2016-10-20 16:40:32 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2016:2093 https://rhn.redhat.com/errata/RHSA-2016-2093.html
Comment 17 errata-xmlrpc 2016-10-25 04:48:44 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support
  Red Hat Enterprise Linux 6.6 Extended Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.4 Advanced Update Support
  Red Hat Enterprise Linux 6.2 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Telco Extended Update Support

Via RHSA-2016:2099 https://rhn.redhat.com/errata/RHSA-2016-2099.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.