[npnog] Fwd: [dns-operations] CVE-2016-2776: Assertion Failure in buffer.c While Building Responses to a Specifically Constructed Request
Kabindra Shrestha
kabindra at geeks.net.np
Wed Sep 28 00:32:16 NPT 2016
FYI,
If your DNS servers run ISC BIND, don't forget to upgrade to the latest with the patch for this vulnerability...
> Severity: High
> Exploitable: Remotely
>
and this makes it really really bad, so do upgrade asap.
> This assertion can be triggered even if the apparent source
> address isn't allowed to make queries (i.e. doesn't match
> 'allow-query').
Thanks.
> Begin forwarded message:
>
> From: Michael McNally <mcnally at isc.org>
> Subject: [dns-operations] CVE-2016-2776: Assertion Failure in buffer.c While Building Responses to a Specifically Constructed Request
> Date: September 27, 2016 at 11:03:58 PM GMT+5:45
> To: dns-operations at dns-oarc.net
>
> To whom it may concern:
>
> Today ISC announced a serious denial-of-service vector affecting all
> prior versions of BIND 9.
>
> The new vulnerability has been designated CVE-2016-2776.
>
> Authoritative and recursive servers are both vulnerable and
> countermeasures via server configuration are not practical for
> a working server. All BIND server operators are advised to read
> the vulnerability announcement and upgrade to fixed versions.
>
> BIND vulnerabilities are generally announced via the "bind-announce"
> public list operated by ISC.
> (https://lists.isc.org/mailman/listinfo/bind-announce)
> We are additionally notifying this list because of the severity of
> this particular vulnerability.
>
> Michael McNally
> ISC Security Officer
>
> -----
>
> CVE: CVE-2016-2776
> Document Version: 2.0
> Posting date: 2016-09-27
> Program Impacted: BIND
> Versions affected: 9.0.x -> 9.8.x, 9.9.0->9.9.9-P2, 9.9.3-S1->9.9.9-S3,
> 9.10.0->9.10.4-P2, 9.11.0a1->9.11.0rc1
> Severity: High
> Exploitable: Remotely
>
> Description:
>
> Testing by ISC has uncovered a critical error condition which
> can occur when a nameserver is constructing a response. A defect
> in the rendering of messages into packets can cause named to
> exit with an assertion failure in buffer.c while constructing a
> response to a query that meets certain criteria.
>
> This assertion can be triggered even if the apparent source
> address isn't allowed to make queries (i.e. doesn't match
> 'allow-query').
>
> Impact:
>
> All servers are vulnerable if they can receive request packets from
> any source.
>
> CVSS Score: 7.8
>
> CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
>
> For more information on the Common Vulnerability Scoring System and
> to obtain your specific environmental score please visit:
> http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)
>
> Workarounds:
>
> No practical workarounds exist.
>
> Active exploits:
>
> No known active exploits.
>
> Solution:
>
> Upgrade to the patched release most closely related to your
> current version of BIND. These can all be downloaded from
> http://www.isc.org/downloads.
>
> BIND 9 version 9.9.9-P3
> BIND 9 version 9.10.4-P3
> BIND 9 version 9.11.0rc3
>
> BIND 9 Supported Preview edition is a feature preview version of
> BIND provided exclusively to eligible ISC Support customers.
>
> BIND 9 version 9.9.9-S5
>
> Document Revision History:
>
> 1.0 Advance Notification 2016-09-14
> 1.1 Added information about the Stable Preview release to versions
>     affected. Updated solution section to reflect replacing 9.11.0rc2
>     with 9.11.0rc3 and 9.9.9-S4 with 9.9.9-S5.
> 2.0 Posting date changed and public disclosure, 2016-09-28
>
> Related Documents:
>
> See our BIND9 Security Vulnerability Matrix at
> https://kb.isc.org/article/AA-00913 for a complete listing of
> Security Vulnerabilities and versions affected.
>
> If you'd like more information on ISC Subscription Support and
> Advance Security Notifications, please visit http://www.isc.org/support/.
>
> Do you still have questions? Questions regarding this advisory
> should go to security-officer at isc.org. To report a new issue,
> please encrypt your message using security-officer at isc.org's PGP
> key which can be found here:
>
> https://www.isc.org/downloads/software-support-policy/openpgp-key
>
> If you are unable to use encrypted email, you may also report new
> issues at: https://www.isc.org/community/report-bug/.
>
> Note:
>
> ISC patches only currently supported versions. When possible we
> indicate EOL versions affected. (For current information on which
> versions are actively supported, please see
> http://www.isc.org/downloads/).
>
> ISC Security Vulnerability Disclosure Policy:
>
> Details of our current security advisory policy and practice can
> be found here: https://kb.isc.org/article/AA-00861
>
> This Knowledge Base article https://kb.isc.org/article/AA-01419 is
> the complete and official security advisory document.
>
> Legal Disclaimer:
>
> Internet Systems Consortium (ISC) is providing this notice on
> an "AS IS" basis. No warranty or guarantee of any kind is expressed
> in this notice and none should be implied. ISC expressly excludes
> and disclaims any warranties regarding this notice or materials
> referred to in this notice, including, without limitation, any
> implied warranty of merchantability, fitness for a particular
> purpose, absence of hidden defects, or of non-infringement. Your
> use or reliance on this notice or materials referred to in this
> notice is at your own risk. ISC may change this notice at any
> time. A stand-alone copy or paraphrase of the text of this
> document that omits the document URL is an uncontrolled copy.
> Uncontrolled copies may lack important information, be out of
> date, or contain factual errors.
>
> (c) 2001-2016 Internet Systems Consortium
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
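Added example (not part of the original message or of ISC's advisory): a small check of a BIND version string against the "Versions affected" ranges quoted above. The function names are hypothetical, the sample strings are constructed, and the release ordering alpha < beta < rc < final < -P is an assumption stated in the code.

```python
import re

# Assumed ordering within one x.y.z: alpha < beta < rc < final < -P patch release.
STAGE = {"a": 0, "b": 1, "rc": 2, None: 3, "P": 4}
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-?(a|b|rc|P|S)(\d+))?")

# First and last affected releases, copied from "Versions affected" above.
MAINLINE = [("9.9.0", "9.9.9-P2"), ("9.10.0", "9.10.4-P2"),
            ("9.11.0a1", "9.11.0rc1")]
PREVIEW = ("9.9.3-S1", "9.9.9-S3")  # Supported Preview (-S) editions


def parse(text):
    """Extract (major, minor, patch, tag, n) from text such as 'BIND 9.10.4-P2'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no BIND version found in {text!r}")
    major, minor, patch, tag, n = m.groups()
    return int(major), int(minor), int(patch or 0), tag, int(n or 0)


def key(v):
    """Sort key for mainline releases (never called with an -S version)."""
    major, minor, patch, tag, n = v
    return (major, minor, patch, STAGE[tag], n)


def is_affected(version_text):
    """True if the upstream version falls in a range the advisory lists."""
    v = parse(version_text)
    major, minor, patch, tag, n = v
    if major == 9 and minor <= 8:          # "9.0.x -> 9.8.x"
        return True
    if tag == "S":                         # compare only within the -S line
        lo, hi = parse(PREVIEW[0]), parse(PREVIEW[1])
        return lo[:3] + (lo[4],) <= (major, minor, patch, n) <= hi[:3] + (hi[4],)
    return any(key(parse(lo)) <= key(v) <= key(parse(hi)) for lo, hi in MAINLINE)


if __name__ == "__main__":
    # Constructed sample strings in the style of `named -v` output.
    for sample in ("BIND 9.10.4-P2", "BIND 9.10.4-P3", "BIND 9.9.9-S3",
                   "BIND 9.11.0rc3", "BIND 9.8.4"):
        print(f"{sample:18} affected={is_affected(sample)}")
```

Distribution packages may carry a backported fix under an unchanged upstream version string, so a result of True on a packaged build calls for checking the vendor's changelog as well.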