1389652 – (CVE-2016-8864) CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer

Bug 1389652 (CVE-2016-8864) - CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer

Summary: CVE-2016-8864 bind: assertion failure while handling responses containing a D...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2016-8864
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:	Petr Sklenar
Docs Contact:
URL:
Whiteboard:
Depends On:	1390127 1390128 1390129 1390130 1390131 1390159 1391319 1391320 1398197 1398199 1398200 1398201 1398202 1457186
Blocks:	1389641
TreeView+	depends on / blocked

Reported:	2016-10-28 06:12 UTC by Dhiru Kholia
Modified:	2021-02-17 03:06 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
Clone Of:
Environment:
Last Closed:	2016-12-06 11:25:12 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:2141	normal	SHIPPED_LIVE	Important: bind security update	2016-11-02 21:38:01 UTC
Red Hat Product Errata	RHSA-2016:2142	normal	SHIPPED_LIVE	Important: bind97 security update	2016-11-02 20:07:20 UTC
Red Hat Product Errata	RHSA-2016:2615	normal	SHIPPED_LIVE	Important: bind security update	2016-11-03 17:06:18 UTC
Red Hat Product Errata	RHSA-2016:2871	normal	SHIPPED_LIVE	Important: bind security update	2016-12-06 10:35:35 UTC
Red Hat Product Errata	RHSA-2017:1583	normal	SHIPPED_LIVE	Important: bind security and bug fix update	2017-06-28 13:00:18 UTC

Description Dhiru Kholia 2016-10-28 06:12:18 UTC

A defect in BIND's handling of responses containing a DNAME answer
can cause a resolver to exit after encountering an assertion failure
in db.c or resolver.c

During processing of a recursive response that contains a DNAME
record in the answer section, BIND can stop execution after
encountering an assertion error in resolver.c (error message:
"INSIST((valoptions & 0x0002U) != 0) failed") or db.c (error
message: "REQUIRE(targetp != ((void *)0) && *targetp == ((void
*)0)) failed").

A server encountering either of these error conditions will stop,
resulting in denial of service to clients. The risk to authoritative
servers is minimal; recursive servers are chiefly at risk.

Comment 1 Dhiru Kholia 2016-10-28 06:12:30 UTC

Acknowledgments:

Name: ISC
Upstream: Tony Finch (University of Cambridge), Marco Davids (SIDN Labs)

Comment 8 Dhiru Kholia 2016-11-02 04:42:35 UTC

External References:

https://kb.isc.org/article/AA-01434

Comment 9 Dhiru Kholia 2016-11-02 07:44:12 UTC

Public via http://seclists.org/oss-sec/2016/q4/300

Comment 10 errata-xmlrpc 2016-11-02 18:25:07 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2016:2142 https://rhn.redhat.com/errata/RHSA-2016-2142.html

Comment 11 errata-xmlrpc 2016-11-02 18:29:22 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2016:2141 https://rhn.redhat.com/errata/RHSA-2016-2141.html

Comment 12 Robert Scheck 2016-11-02 21:11:15 UTC

Is there a specific reason that no bug reports for Fedora were opened, too?
Fedora 23+ are shipping bind-9.10.4-2.P3, but not P4 currently.

Comment 13 Dhiru Kholia 2016-11-03 03:57:44 UTC

Created bind tracking bugs for this issue:

Affects: fedora-all [bug 1391319]

Comment 14 Dhiru Kholia 2016-11-03 03:58:19 UTC

Created bind99 tracking bugs for this issue:

Affects: fedora-all [bug 1391320]

Comment 15 errata-xmlrpc 2016-11-04 09:04:23 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2615 https://rhn.redhat.com/errata/RHSA-2016-2615.html

Comment 17 errata-xmlrpc 2016-12-06 05:35:57 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.2 Advanced Update Support
  Red Hat Enterprise Linux 6.4 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Advanced Update Support
  Red Hat Enterprise Linux 6.7 Extended Update Support
  Red Hat Enterprise Linux 6.5 Telco Extended Update Support
  Red Hat Enterprise Linux 6.6 Telco Extended Update Support

Via RHSA-2016:2871 https://rhn.redhat.com/errata/RHSA-2016-2871.html

Comment 19 errata-xmlrpc 2017-06-28 09:01:37 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Extended Update Support

Via RHSA-2017:1583 https://access.redhat.com/errata/RHSA-2017:1583

Note You need to log in before you can comment on or make changes to this bug.