Project

General

Profile

Bug #6674

bind: Multiple security issues (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444)

Added by Alicha CH over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Start date:
01/12/2017
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:

Description

CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion

A malformed query response received by a recursive server in response to a query of RTYPE ANY could trigger an assertion failure while named is attempting to add the RRs in the query response to the cache.  While the combination of properties which triggers the assertion should not occur in normal traffic, it is potentially possible for the assertion to be triggered deliberately by an attacker sending a specially-constructed answer having the required properties, after having engineered a scenario whereby an ANY query is sent to the recursive server for the target QNAME.  A recursive server will itself only send a query of type ANY if it receives a client query of type ANY for a QNAME for which it has no RRsets at all in cache, otherwise it will respond to the client with the the RRsets that it has available.

Affected versions:

9.4.0 -> 9.6-ESV-R11-W1, 9.8.5 -> 9.8.8, 9.9.3 -> 9.9.9-P4, 9.9.9-S1 -> 9.9.9-S6, 9.10.0 -> 9.10.4-P4, 9.11.0 -> 9.11.0-P1

Fixed in:

BIND 9 version 9.9.9-P5
BIND 9 version 9.10.4-P5
BIND 9 version 9.11.0-P2

Reference:

https://kb.isc.org/article/AA-01439/0

CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure

Depending on the type of query and the EDNS options in the query they receive, DNSSEC-enabled authoritative servers are expected to include RRSIG and other RRsets in their responses to recursive servers.  DNSSEC-validating servers will also make specific queries for DS and other RRsets. Whether DNSSEC-validating or not, an error in processing malformed query responses that contain DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response can trigger an assertion failure.  Although the combination of properties which triggers the assertion should not occur in normal traffic, it is potentially possible for the assertion to be triggered deliberately by an attacker sending a specially-constructed answer.

Affected versions:

9.9.9-P4, 9.9.9-S6, 9.10.4-P4, 9.11.0-P1

Fixed in:

BIND 9 version 9.9.9-P5
BIND 9 version 9.10.4-P5
BIND 9 version 9.11.0-P2

Reference:

https://kb.isc.org/article/AA-01440/0

CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure

An unusually-formed answer containing a DS resource record could trigger an assertion failure.  While the combination of properties which triggers the assertion
should not occur in normal traffic, it is potentially possible for the assertion to be triggered deliberately by an attacker sending a specially-constructed answer having the required properties.

Affected versions:

9.6-ESV-R9 -> 9.6-ESV-R11-W1, 9.8.5 -> 9.8.8, 9.9.3 -> 9.9.9-P4, 9.9.9-S1 -> 9.9.9-S6, 9.10.0 -> 9.10.4-P4, 9.11.0 -> 9.11.0-P1

Fixed in:

BIND 9 version 9.9.9-P5
BIND 9 version 9.10.4-P5
BIND 9 version 9.11.0-P2

Reference:

https://kb.isc.org/article/AA-01441/0


Subtasks

Bug #6675: [3.6] bind: Multiple security issues (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444)ClosedNatanael Copa

Bug #6676: [3.5] bind: Multiple security issues (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444)ClosedNatanael Copa

Bug #6677: [3.4] bind: Multiple security issues (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444)ClosedNatanael Copa

Bug #6678: [3.3] bind: Multiple security issues (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444)ClosedNatanael Copa

Bug #6679: [3.2] bind: Multiple security issues (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444)ClosedNatanael Copa

History

#1 Updated by Alicha CH over 2 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed

Also available in: Atom PDF