[npnog] Fwd: [dns-operations] CVE-2016-2776: Assertion Failure in buffer.c While Building Responses to a Specifically Constructed Request

Kabindra Shrestha kabindra at geeks.net.np
Wed Sep 28 00:32:16 NPT 2016 

FYI,

If your DNS servers run ISC Bind, don't forget to upgrade to the latest with the patch for this vulnerability...

> Severity:              High
> Exploitable:           Remotely
> 

and this makes it really really bad, so do upgrade asap.
>   This assertion can be triggered even if the apparent source
>   address isn't allowed to make queries (i.e. doesn't match
>   'allow-query').



Thanks.


> Begin forwarded message:
> 
> From: Michael McNally <mcnally at isc.org>
> Subject: [dns-operations] CVE-2016-2776: Assertion Failure in buffer.c While Building Responses to a Specifically Constructed Request
> Date: September 27, 2016 at 11:03:58 PM GMT+5:45
> To: dns-operations at dns-oarc.net
> 
> To whom it may concern:
> 
> Today ISC announced a serious denial-of-service vector affecting all
> prior versions of BIND 9.
> 
> The new vulnerability has been designated CVE-2016-2776.
> 
> Authoritative and recursive servers are both vulnerable and
> countermeasures via server configuration are not practical for
> a working server.  All BIND server operators are advised to read
> the vulnerability announcement and upgrade to fixed versions.
> 
> BIND vulnerabilities are generally announced via the "bind-announce"
> public list operated by ISC.
> (https://lists.isc.org/mailman/listinfo/bind-announce)
> We are additionally notifying this list because of the severity of
> this particular vulnerability.
> 
> Michael McNally
> ISC Security Officer
> 
> -----
> 
> CVE:                   CVE-2016-2776
> Document Version:      2.0
> Posting date:          2016-09-27
> Program Impacted:      BIND
> Versions affected:     9.0.x -> 9.8.x, 9.9.0->9.9.9-P2, 9.9.3-S1->9.9.9-S3,
>                       9.10.0->9.10.4-P2, 9.11.0a1->9.11.0rc1
> Severity:              High
> Exploitable:           Remotely
> 
> Description:
> 
>   Testing by ISC has uncovered a critical error condition which
>   can occur when a nameserver is constructing a response.  A defect
>   in the rendering of messages into packets can cause named to
>   exit with an assertion failure in buffer.c while constructing a
>   response to a query that meets certain criteria.
> 
>   This assertion can be triggered even if the apparent source
>   address isn't allowed to make queries (i.e. doesn't match
>   'allow-query').
> 
> Impact:
> 
>   All servers are vulnerable if they can receive request packets from
> any source.
> 
> CVSS Score:            7.8
> 
> CVSS Vector:           (AV:N/AC:L/Au:N/C:N/I:N/A:C)
> 
> For more information on the Common Vulnerability Scoring System and
> to obtain your specific environmental score please visit:
> http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)
> 
> Workarounds:
> 
>   No practical workarounds exist.
> 
> Active exploits:
> 
>   No known active exploits.
> 
> Solution:
> 
>   Upgrade to the patched release most closely related to your
>   current version of BIND.  These can all be downloaded from
>   http://www.isc.org/downloads.
> 
>     BIND 9 version 9.9.9-P3
>     BIND 9 version 9.10.4-P3
>     BIND 9 version 9.11.0rc3
> 
>   BIND 9 Supported Preview edition is a feature preview version of
>   BIND provided exclusively to eligible ISC Support customers.
> 
>     BIND 9 version 9.9.9-S5
> 
> Document Revision History:
> 
>   1.0 Advance Notification 2016-09-14
>   1.1 Added information about the Stable Preview release to versions
> affected.
>       Updated solution section to reflect replacing 9.11.0rc2 with
> 9.11.0rc3
>       and 9.9.9-S4 with 9.9.9-S5.
>   2.0 Posting date changed and public disclosure, 2016-09-28
> 
> Related Documents:
> 
>   See our BIND9 Security Vulnerability Matrix at
>   https://kb.isc.org/article/AA-00913 for a complete listing of
>   Security Vulnerabilities and versions affected.
> 
> If you'd like more information on ISC Subscription Support and
> Advance Security Notifications, please visit http://www.isc.org/support/.
> 
> Do you still have questions?  Questions regarding this advisory
> should go to security-officer at isc.org.  To report a new issue,
> please encrypt your message using security-officer at isc.org's PGP
> key which can be found here:
> 
>   https://www.isc.org/downloads/software-support-policy/openpgp-key
> 
> If you are unable to use encrypted email, you may also report new
> issues at: https://www.isc.org/community/report-bug/.
> 
> Note:
> 
>   ISC patches only currently supported versions. When possible we
>   indicate EOL versions affected.  (For current information on which
>   versions are actively supported, please see
> http://www.isc.org/downloads/).
> 
> ISC Security Vulnerability Disclosure Policy:
> 
>   Details of our current security advisory policy and practice can
>   be found here: https://kb.isc.org/article/AA-00861
> 
> This Knowledge Base article https://kb.isc.org/article/AA-01419 is
> the complete and official security advisory document.
> 
> Legal Disclaimer:
> 
>   Internet Systems Consortium (ISC) is providing this notice on
>   an "AS IS" basis. No warranty or guarantee of any kind is expressed
>   in this notice and none should be implied. ISC expressly excludes
>   and disclaims any warranties regarding this notice or materials
>   referred to in this notice, including, without limitation, any
>   implied warranty of merchantability, fitness for a particular
>   purpose, absence of hidden defects, or of non-infringement. Your
>   use or reliance on this notice or materials referred to in this
>   notice is at your own risk. ISC may change this notice at any
>   time.  A stand-alone copy or paraphrase of the text of this
>   document that omits the document URL is an uncontrolled copy.
>   Uncontrolled copies may lack important information, be out of
>   date, or contain factual errors.
> 
> (c) 2001-2016 Internet Systems Consortium
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.npnog.org/pipermail/npnog/attachments/20160928/5f7a68ac/attachment.sig>

More information about the npnog mailing list