Bug 1389652 (CVE-2016-8864) - CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer
Summary: CVE-2016-8864 bind: assertion failure while handling responses containing a D...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-8864
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact: Petr Sklenar ⛄
URL:
Whiteboard: impact=important,public=20161101,repo...
Depends On: 1390127 1390128 1390129 1390130 1390131 1390159 1391319 1391320 1398197 1398199 1398200 1398201 1398202 1457186
Blocks: 1389641
TreeView+ depends on / blocked
 
Reported: 2016-10-28 06:12 UTC by Dhiru Kholia
Modified: 2019-06-08 21:33 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
Clone Of:
Environment:
Last Closed: 2016-12-06 11:25:12 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2141 normal SHIPPED_LIVE Important: bind security update 2016-11-02 21:38:01 UTC
Red Hat Product Errata RHSA-2016:2142 normal SHIPPED_LIVE Important: bind97 security update 2016-11-02 20:07:20 UTC
Red Hat Product Errata RHSA-2016:2615 normal SHIPPED_LIVE Important: bind security update 2016-11-03 17:06:18 UTC
Red Hat Product Errata RHSA-2016:2871 normal SHIPPED_LIVE Important: bind security update 2016-12-06 10:35:35 UTC
Red Hat Product Errata RHSA-2017:1583 normal SHIPPED_LIVE Important: bind security and bug fix update 2017-06-28 13:00:18 UTC

Description Dhiru Kholia 2016-10-28 06:12:18 UTC
A defect in BIND's handling of responses containing a DNAME answer
can cause a resolver to exit after encountering an assertion failure
in db.c or resolver.c

During processing of a recursive response that contains a DNAME
record in the answer section, BIND can stop execution after
encountering an assertion error in resolver.c (error message:
"INSIST((valoptions & 0x0002U) != 0) failed") or db.c (error
message: "REQUIRE(targetp != ((void *)0) && *targetp == ((void
*)0)) failed").

A server encountering either of these error conditions will stop,
resulting in denial of service to clients. The risk to authoritative
servers is minimal; recursive servers are chiefly at risk.

Comment 1 Dhiru Kholia 2016-10-28 06:12:30 UTC
Acknowledgments:

Name: ISC
Upstream: Tony Finch (University of Cambridge), Marco Davids (SIDN Labs)

Comment 8 Dhiru Kholia 2016-11-02 04:42:35 UTC
External References:

https://kb.isc.org/article/AA-01434

Comment 9 Dhiru Kholia 2016-11-02 07:44:12 UTC
Public via http://seclists.org/oss-sec/2016/q4/300

Comment 10 errata-xmlrpc 2016-11-02 18:25:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2016:2142 https://rhn.redhat.com/errata/RHSA-2016-2142.html

Comment 11 errata-xmlrpc 2016-11-02 18:29:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2016:2141 https://rhn.redhat.com/errata/RHSA-2016-2141.html

Comment 12 Robert Scheck 2016-11-02 21:11:15 UTC
Is there a specific reason that no bug reports for Fedora were opened, too?
Fedora 23+ are shipping bind-9.10.4-2.P3, but not P4 currently.

Comment 13 Dhiru Kholia 2016-11-03 03:57:44 UTC
Created bind tracking bugs for this issue:

Affects: fedora-all [bug 1391319]

Comment 14 Dhiru Kholia 2016-11-03 03:58:19 UTC
Created bind99 tracking bugs for this issue:

Affects: fedora-all [bug 1391320]

Comment 15 errata-xmlrpc 2016-11-04 09:04:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2615 https://rhn.redhat.com/errata/RHSA-2016-2615.html

Comment 17 errata-xmlrpc 2016-12-06 05:35:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.2 Advanced Update Support
  Red Hat Enterprise Linux 6.4 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Advanced Update Support
  Red Hat Enterprise Linux 6.7 Extended Update Support
  Red Hat Enterprise Linux 6.5 Telco Extended Update Support
  Red Hat Enterprise Linux 6.6 Telco Extended Update Support

Via RHSA-2016:2871 https://rhn.redhat.com/errata/RHSA-2016-2871.html

Comment 19 errata-xmlrpc 2017-06-28 09:01:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Extended Update Support

Via RHSA-2017:1583 https://access.redhat.com/errata/RHSA-2017:1583


Note You need to log in before you can comment on or make changes to this bug.