1385450 – (CVE-2016-2848) CVE-2016-2848 bind: assertion failure triggered by a packet with malformed options

Bug 1385450 (CVE-2016-2848) - CVE-2016-2848 bind: assertion failure triggered by a packet with malformed options

Summary: CVE-2016-2848 bind: assertion failure triggered by a packet with malformed op...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2016-2848
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1385452 1385453 1385454 1385455 1386548 1386549 1386550 1386551 1386552
Blocks:	1383236
TreeView+	depends on / blocked

Reported:	2016-10-17 05:02 UTC by Dhiru Kholia
Modified:	2021-02-17 03:11 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet.
Clone Of:
Environment:
Last Closed:	2016-10-25 10:42:43 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:2093	normal	SHIPPED_LIVE	Important: bind security update	2016-10-21 00:40:07 UTC
Red Hat Product Errata	RHSA-2016:2094	normal	SHIPPED_LIVE	Important: bind97 security update	2016-10-20 23:19:47 UTC
Red Hat Product Errata	RHSA-2016:2099	normal	SHIPPED_LIVE	Important: bind security update	2016-10-25 12:47:07 UTC

Description Dhiru Kholia 2016-10-17 05:02:43 UTC

A packet with a malformed options section can be used to deliberately trigger an assertion failure affecting versions of BIND which do not contain change #3548.

A server vulnerable to this defect can be forced to exit with an assertion failure if it receives a malformed packet. Authoritative and recursive servers are both vulnerable.

https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=blob;f=CHANGES has more information on change #3548. The commit corresponding to this change is https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=4adf97c32fcca7d00e5756607fd045f2aab9c3d4.

Comment 6 Dhiru Kholia 2016-10-17 05:37:10 UTC

Upstream commit:

https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=4adf97c32fcca7d00e5756607fd045f2aab9c3d4

Comment 14 Tomas Hoger 2016-10-20 18:19:58 UTC

Public now via ISC upstream advisory.

External References:

https://kb.isc.org/article/AA-01433

Comment 15 errata-xmlrpc 2016-10-20 19:20:01 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2016:2094 https://rhn.redhat.com/errata/RHSA-2016-2094.html

Comment 16 errata-xmlrpc 2016-10-20 20:40:32 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2016:2093 https://rhn.redhat.com/errata/RHSA-2016-2093.html

Comment 17 errata-xmlrpc 2016-10-25 08:48:44 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support
  Red Hat Enterprise Linux 6.6 Extended Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.4 Advanced Update Support
  Red Hat Enterprise Linux 6.2 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Telco Extended Update Support

Via RHSA-2016:2099 https://rhn.redhat.com/errata/RHSA-2016-2099.html

Note You need to log in before you can comment on or make changes to this bug.