[arch-security] [ASA-201601-21] bind: denial of service

Levente Polyak anthraxx at archlinux.org
Thu Jan 21 10:53:54 UTC 2016


Arch Linux Security Advisory ASA-201601-21
==========================================

Severity: High
Date    : 2016-01-21
CVE-ID  : CVE-2015-8704 CVE-2015-8705
Package : bind
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package bind before version 9.10.3.P3-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 9.10.3.P3-1.

# pacman -Syu "bind>=9.10.3.P3-1"

The problems have been fixed upstream in version 9.10.3.P3.

Workaround
==========

None.

Description
===========

- CVE-2015-8704 (denial of service)

A buffer size check used to guard against overflow could cause named to
exit with an INSIST failure in apl_42.c.
A server could exit while performing certain string formatting
operations. Examples include (but may not be limited to):

1) Slaves using text-format db files could be vulnerable if receiving a
   malformed record in a zone transfer from their master.
2) Masters using text-format db files could be vulnerable if they
   accept a malformed record in a DDNS update message.
3) Recursive resolvers are potentially vulnerable when debug logging,
   if they are fed a deliberately malformed record by a malicious
   server.
4) A server which has cached a specially constructed record could
   encounter this condition while performing 'rndc dumpdb'.

- CVE-2015-8705 (denial of service)

In versions of BIND 9.10, errors can occur when OPT pseudo-RR data or
ECS options are formatted to text. In 9.10.3 through 9.10.3-P2, the
issue may result in a REQUIRE assertion failure in buffer.c resulting in
application exit.
This issue can affect both authoritative and recursive servers if they
are performing debug logging. It may also crash related tools which use
the same code, such as dig or delv.
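
An added example (not part of the original advisory): triaging
`pacman -Q bind` output from several hosts against the fixed package
version and against the 9.10.3 through 9.10.3-P2 range named for
CVE-2015-8705. The hostnames, the inventory and the function names are
assumptions made up for the example; version strings in any other shape
are rejected rather than guessed.

```python
import re

# Fixed Arch package version, taken from the advisory.
FIXED = "9.10.3.P3-1"

# Arch bind versions as written in the advisory: X.Y.Z[.Pn]-pkgrel.
# Any other shape (epochs, pre-releases) is rejected instead of guessed at.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.P(\d+))?-(\d+)$")


def parse(version):
    """Return (major, minor, patch, P-level, pkgrel) as a comparable tuple."""
    m = _VERSION.match(version)
    if m is None:
        raise ValueError(f"unrecognised bind package version: {version!r}")
    major, minor, patch, plevel, pkgrel = m.groups()
    # A release without a .Pn suffix sorts before .P1 of the same release.
    return (int(major), int(minor), int(patch), int(plevel or 0), int(pkgrel))


def triage(pacman_line):
    """Classify one line of `pacman -Q bind` output against ASA-201601-21."""
    name, _, version = pacman_line.strip().partition(" ")
    if name != "bind":
        raise ValueError(f"not a bind package line: {pacman_line!r}")
    v = parse(version)
    needs_upgrade = v < parse(FIXED)
    # CVE-2015-8705: the advisory names 9.10.3 through 9.10.3-P2 as the
    # range where the error ends in the REQUIRE assertion failure.
    require_abort = (9, 10, 3, 0) <= v[:4] <= (9, 10, 3, 2)
    return {"version": version, "needs_upgrade": needs_upgrade,
            "cve_2015_8705_require_abort": require_abort}


# Constructed inventory: hostnames and versions are made up for the example.
INVENTORY = {
    "ns1": "bind 9.10.3.P2-1",
    "ns2": "bind 9.10.3.P3-1",
    "resolver1": "bind 9.10.2.P4-1",
}

if __name__ == "__main__":
    for host, line in INVENTORY.items():
        print(host, triage(line))
```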

Impact
======

A remote attacker is able to use specially crafted records that, when
processed, lead to an application crash resulting in denial of
service. This issue affects slaves, masters, recursive resolvers as well
as related tools which use the same code.

References
==========

https://access.redhat.com/security/cve/CVE-2015-8704
https://access.redhat.com/security/cve/CVE-2015-8705
https://kb.isc.org/article/AA-01335
https://kb.isc.org/article/AA-0133
