[3.4] bind: A problem handling responses containing a DNAME answer can lead to an assertion failure (CVE-2016-8864)
During processing of a recursive response that contains a DNAME record
in the answer section,
BIND can stop execution after encountering an assertion error in
resolver.c (error message: “INSIST ((valoptions & 0x0002U) != 0)
failed”)
or db.c (error message: “REQUIRE (targetp != ((void *)0) && targetp
== ((void)0)) failed”).
A server encountering either of these error conditions will stop,
resulting in denial of service to clients.
The risk to authoritative servers is minimal; recursive servers are
chiefly at risk.
Affected versions:
9.0.x ->9.8.x, 9.9.0 ->9.9.9-P3, 9.9.3-S1 ->9.9.9-S5, 9.10.0 ->9.10.4-P3, 9.11.0
Fixed in:
BIND 9 version 9.10.4-P4
Reference:
https://kb.isc.org/article/AA-01434/0
(from redmine: issue id 6421, created on 2016-11-03, closed on 2017-09-05)
- Relations:
- parent #6420 (closed)