Bug 1385450 (CVE-2016-2848) - CVE-2016-2848 bind: assertion failure triggered by a packet with malformed options
Summary: CVE-2016-2848 bind: assertion failure triggered by a packet with malformed op...
Status: CLOSED ERRATA
Alias: CVE-2016-2848
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20161020,repo...
Keywords: Security
Depends On: 1385452 1385453 1385454 1385455 1386548 1386549 1386550 1386551 1386552
Blocks: 1383236
TreeView+ depends on / blocked
 
Reported: 2016-10-17 05:02 UTC by Dhiru Kholia
Modified: 2019-06-08 21:30 UTC (History)
4 users (show)

(edit)
A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet.
Clone Of:
(edit)
Last Closed: 2016-10-25 10:42:43 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2093 normal SHIPPED_LIVE Important: bind security update 2016-10-21 00:40:07 UTC
Red Hat Product Errata RHSA-2016:2094 normal SHIPPED_LIVE Important: bind97 security update 2016-10-20 23:19:47 UTC
Red Hat Product Errata RHSA-2016:2099 normal SHIPPED_LIVE Important: bind security update 2016-10-25 12:47:07 UTC

Description Dhiru Kholia 2016-10-17 05:02:43 UTC
A packet with a malformed options section can be used to deliberately trigger an assertion failure affecting versions of BIND which do not contain change #3548.

A server vulnerable to this defect can be forced to exit with an assertion failure if it receives a malformed packet. Authoritative and recursive servers are both vulnerable.

https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=blob;f=CHANGES has more information on change #3548. The commit corresponding to this change is https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=4adf97c32fcca7d00e5756607fd045f2aab9c3d4.

Comment 14 Tomas Hoger 2016-10-20 18:19:58 UTC
Public now via ISC upstream advisory.

External References:

https://kb.isc.org/article/AA-01433

Comment 15 errata-xmlrpc 2016-10-20 19:20:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2016:2094 https://rhn.redhat.com/errata/RHSA-2016-2094.html

Comment 16 errata-xmlrpc 2016-10-20 20:40:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2016:2093 https://rhn.redhat.com/errata/RHSA-2016-2093.html

Comment 17 errata-xmlrpc 2016-10-25 08:48:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support
  Red Hat Enterprise Linux 6.6 Extended Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.4 Advanced Update Support
  Red Hat Enterprise Linux 6.2 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Telco Extended Update Support

Via RHSA-2016:2099 https://rhn.redhat.com/errata/RHSA-2016-2099.html


Note You need to log in before you can comment on or make changes to this bug.