754494 – BIND 9 Resolver crashes after logging an error in query.c

Bug 754494 - BIND 9 Resolver crashes after logging an error in query.c

Summary: BIND 9 Resolver crashes after logging an error in query.c

Keywords:
Status:	CLOSED DUPLICATE of bug 754398
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	bind
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Adam Tkac
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-11-16 17:07 UTC by Jeffrey C. Ollie
Modified:	2013-04-30 23:50 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2011-11-16 19:38:29 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jeffrey C. Ollie 2011-11-16 17:07:14 UTC

https://lists.isc.org/pipermail/bf-announce/2011-November/000229.html

Last night a large number of recursive operators had BIND crashes at the
same time. ISC then issued the following public advisory:
https://www.isc.org/software/bind/advisories/cve-2011-tbd

We are releasing mitigation code to you, our customers, at 8:30am PST,
to aid you in managing this issue. In no less than one hour (at or after
9:30am PST) ISC will release mitigation code to the public for this issue.

Interim Advisory:

*Title:* BIND 9 Resolver crashes after logging an error in query.c

*Summary:* Organizations across the Internet reported crashes
interrupting service on BIND 9 nameservers performing RECURSIVE queries.
Affected servers crashed after logging an error in query.c with the
following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))"

Multiple versions were reported being affected, including all currently
supported release versions of ISC BIND 9.

ISC is actively investigating the root cause and has produced patches
which prevent the crash. Further information will be made available soon.

*Document Version:* 1.1

*Posting date:* 16 November 2011

*Program Impacted:* BIND

*Versions affected:* BIND 9.4-ESV-R, BIND 9.6-ESV-R, BIND 9.7, BIND 9.8

*Exploitable:* Remotely

*Description:* An as-yet unidentified network event caused BIND 9
resolvers to cache an invalid record, subsequent queries for which could
crash the resolvers with an assertion failure. ISC is working on
determining the ultimate cause by which a record with this particular
inconsistency is cached.At this time we are making available a patch
which makes named recover gracefully from the inconsistency, preventing
the abnormal exit.

The patch has two components. When a client query is handled, the code
which processes the response to the client has to ask the cache for the
records for the name that is being queried. The first component of the
patch prevents the cache from returning the inconsistent data. The
second component prevents named from crashing if it detects that it has
been given an inconsistent answer of this nature.

Severity: High

*CVSS Score:* 7.8

*CVSS Equation:* (AV:N/AC:L/Au:N/C:N/I:N/A:C)

For more information on the Common Vulnerability Scoring System and to
obtain your specific environmental score please visit:
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C
<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=%28AV:N/AC:L/Au:N/C:N/I:N/A:C>)

*Workarounds:*

No workarounds are known. The solution is to upgrade. Upgrade BIND to
one of the following patched versions:

9.4-ESV-R5-P1 has been published to:
ftp://ftp.isc.org/isc/bind9/private/973aa955cb3020fb

9.6-ESV-R5-P1 has been published to:
ftp://ftp.isc.org/isc/bind9/private/41eb13f25615ed36

9.7.4-P1 has been published to:
ftp://ftp.isc.org/isc/bind9/private/c88862ecdcade50e

9.8.1-P1 has been published to:
ftp://ftp.isc.org/isc/bind9/private/afa41f8203d50bed

*Solution:*

Patches mitigating the issue are available at:

*Exploit Status:*

ISC is receiving multiple reports and working with multiple customers on
this issue. Please E-mail all questions, packet captures, and details to
security-officer at isc.org <mailto:security-officer at isc.org>

*Acknowledgment:* Simutaneously reported by multiple people in the DNS
community. Thank you to everyone who has provided and continues to
provide information.

*Document Revision History*

1.0 16 November 2011 - Interim Advisory

1.1 16 November 2011 - Mitigation patches, further information

*References:*

*- Do you have Questions?* Questions regarding this advisory should go
to security-officer at isc.org <mailto:security-officer at isc.org>.

*- ISC Security Vulnerability Disclosure Policy:* Details of our current
security advisory policy and practice can be found here:
<https://www.isc.org/security-vulnerability-disclosure-policy>https://www.isc.org/security-vulnerability-disclosure-policy

*Legal Disclaimer:*

Internet Systems Consortium (ISC) is providing this notice on an "AS IS"
basis. No warranty or guarantee of any kind is expressed in this notice
and none should be implied. ISC expressly excludes and disclaims any
warranties regarding this notice or materials referred to in this
notice, including, without limitation, any inferred warranty of
merchantability, fitness for a particular purpose, absence of hidden
defects, or of non-infringement. Your use of, or reliance on, this
notice or materials referred to in this notice is at your own risk. ISC
may change this notice at any time.

A stand-alone copy or paraphrase of the text of this document that omits
the distribution URL in the following section is an uncontrolled copy.
Uncontrolled copies may lack important information, be out of date, or
contain factual errors.

Comment 1 Adam Tkac 2011-11-16 19:38:29 UTC


*** This bug has been marked as a duplicate of bug 754398 ***

Note You need to log in before you can comment on or make changes to this bug.