| Summary: | <net-dns/bind{,-tools}-9.10.3_p4: Specific APL data could trigger an INSIST in apl_42.c causing BIND named to exit (CVE-2015-{8704,8705}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | idl0r |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2016/01/19/19 | ||
| Whiteboard: | B3 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
net-dns/bind-9.10.3_p3 has just been added. (In reply to Christian Ruppert (idl0r) from comment #1) > net-dns/bind-9.10.3_p3 has just been added. do we need to stabilize also a newer bind-tools? (In reply to Agostino Sarubbo from comment #2) > (In reply to Christian Ruppert (idl0r) from comment #1) > > net-dns/bind-9.10.3_p3 has just been added. > > do we need to stabilize also a newer bind-tools? Not this time. Thanks! Added to existing GLSA. CVE-2015-8705 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8705): buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. CVE-2015-8704 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8704): apl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. This issue was resolved and addressed in GLSA 201610-07 at https://security.gentoo.org/glsa/201610-07 by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : CVE: CVE-2015-8704 Document Version: 2.0 Posting date: 19 January 2016 Program Impacted: BIND Versions affected: 9.3.0->9.8.8, 9.9.0->9.9.8-P2, 9.9.3-S1->9.9.8-S3, 9.10.0->9.10.3-P2 Severity: High Exploitable: Remotely Description: A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl_42.c. Impact: A server could exit due to an INSIST failure in apl_42.c when performing certain string formatting operations. Examples include (but may not be limited to): - Slaves using text-format db files could be vulnerable if receiving a malformed record in a zone transfer from their master. - Masters using text-format db files could be vulnerable if they accept a malformed record in a DDNS update message. - Recursive resolvers are potentially vulnerable when debug logging, if they are fed a deliberately malformed record by a malicious server. - A server which has cached a specially constructed record could encounter this condition while performing 'rndc dumpdb'. Please Note: Versions of BIND from 9.3 through 9.8 are also affected, but these branches are beyond their "end of life" (EOL) and no longer receive testing or security fixes from ISC. For current information on which versions are actively supported, please see http://www.isc.org/downloads/. CVSS Score: 6.8 CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C) For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:S/C:N/I:N/A:C) Workarounds: None Active exploits: No known active exploits. Solution: Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads. - BIND 9 version 9.9.8-P3 - BIND 9 version 9.10.3-P3 BIND 9 Supported Preview edition is a feature preview version of BIND provided exclusively to eligible ISC Support customers. - BIND 9 version 9.9.8-S4 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.