Bug 1385450 (CVE-2016-2848) - CVE-2016-2848 bind: assertion failure triggered by a packet with malformed options
Summary: CVE-2016-2848 bind: assertion failure triggered by a packet with malformed op...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-2848
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1385452 1385453 1385454 1385455 1386548 1386549 1386550 1386551 1386552
Blocks: 1383236
TreeView+ depends on / blocked
 
Reported: 2016-10-17 05:02 UTC by Dhiru Kholia
Modified: 2021-02-17 03:11 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet.
Clone Of:
Environment:
Last Closed: 2016-10-25 10:42:43 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2093 0 normal SHIPPED_LIVE Important: bind security update 2016-10-21 00:40:07 UTC
Red Hat Product Errata RHSA-2016:2094 0 normal SHIPPED_LIVE Important: bind97 security update 2016-10-20 23:19:47 UTC
Red Hat Product Errata RHSA-2016:2099 0 normal SHIPPED_LIVE Important: bind security update 2016-10-25 12:47:07 UTC

Description Dhiru Kholia 2016-10-17 05:02:43 UTC 
A packet with a malformed options section can be used to deliberately trigger an assertion failure affecting versions of BIND which do not contain change #3548.

A server vulnerable to this defect can be forced to exit with an assertion failure if it receives a malformed packet. Authoritative and recursive servers are both vulnerable.

https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=blob;f=CHANGES has more information on change #3548. The commit corresponding to this change is https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=4adf97c32fcca7d00e5756607fd045f2aab9c3d4.
Comment 6 Dhiru Kholia 2016-10-17 05:37:10 UTC 
Upstream commit:

https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=4adf97c32fcca7d00e5756607fd045f2aab9c3d4
Comment 14 Tomas Hoger 2016-10-20 18:19:58 UTC 
Public now via ISC upstream advisory.

External References:

https://kb.isc.org/article/AA-01433
Comment 15 errata-xmlrpc 2016-10-20 19:20:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2016:2094 https://rhn.redhat.com/errata/RHSA-2016-2094.html
Comment 16 errata-xmlrpc 2016-10-20 20:40:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2016:2093 https://rhn.redhat.com/errata/RHSA-2016-2093.html
Comment 17 errata-xmlrpc 2016-10-25 08:48:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support
  Red Hat Enterprise Linux 6.6 Extended Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.4 Advanced Update Support
  Red Hat Enterprise Linux 6.2 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Telco Extended Update Support

Via RHSA-2016:2099 https://rhn.redhat.com/errata/RHSA-2016-2099.html
Note You need to log in before you can comment on or make changes to this bug.