The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of ISC BIND: assertion error via buffer.c

Synthesis of the vulnerability 

An attacker can force an assertion error via buffer.c of ISC BIND, in order to trigger a denial of service.
Vulnerable software: Debian, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, BIND, Juniper J-Series, Junos OS, SRX-Series, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this announce: 3/4.
Creation date: 28/09/2016.
Références of this computer vulnerability: AA-01419, bulletinoct2016, c05321107, CERTFR-2017-AVI-111, CVE-2016-2776, DLA-645-1, DSA-2019-197, DSA-3680-1, FEDORA-2016-2d9825f7c1, FEDORA-2016-3af8b344f1, FEDORA-2016-cbef6c8619, FEDORA-2016-cca77daf70, FreeBSD-SA-16:28.bind, JSA10785, K18829561, openSUSE-SU-2016:2406-1, RHSA-2016:1944-01, RHSA-2016:1945-01, RHSA-2016:2099-01, SOL18829561, SSA:2016-271-01, SUSE-SU-2016:2399-1, SUSE-SU-2016:2401-1, SUSE-SU-2016:2405-1, USN-3088-1, VIGILANCE-VUL-20707.

Description of the vulnerability 

The ISC BIND product build replies to DNS queries in the dns_message_render*() functions of the lib/dns/message.c file.

However, the DNS_MESSAGE_HEADERLEN header size is not used to check the free space in the response to build. An assertion error thus occurs in the buffer.c file, because developers did not except this case, which stops the process.

An attacker can therefore force an assertion error via buffer.c of ISC BIND, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer threat bulletin impacts software or systems such as Debian, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, BIND, Juniper J-Series, Junos OS, SRX-Series, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this security threat is important.

The trust level is of type confirmed by the editor, with an origin of internet client.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a beginner ability can exploit this computer vulnerability alert.

Solutions for this threat 

ISC BIND: version 9.10.4-P3.
The version 9.10.4-P3 is fixed:
  http://www.isc.org/downloads
  ftp://ftp.isc.org/isc/bind9/

ISC BIND: version 9.9.9-P3.
The version 9.9.9-P3 is fixed:
  http://www.isc.org/downloads
  ftp://ftp.isc.org/isc/bind9/

AIX: patch for BIND.
A patch is available:
  https://aix.software.ibm.com/aix/efixes/security/bind_fix13.tar

Debian 7: new bind9 packages.
New packages are available:
  Debian 7: bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u11

Debian 8: new bind9 packages.
New packages are available:
  Debian 8: bind9 1:9.9.5.dfsg-9+deb8u7

Dell EMC VNXe: version MR4 Service Pack 5.
The version MR4 Service Pack 5 is fixed:
  https://www.dell.com/support/

F5 BIG-IP: solution for BIND.
The solution is indicated in information sources.

Fedora: new bind99 packages.
New packages are available:
  Fedora 23: bind99 9.9.9-2.P3.fc23
  Fedora 24: bind99 9.9.9-2.P3.fc24

Fedora: new bind packages.
New packages are available:
  Fedora 23: bind 9.10.4-2.P3.fc23
  Fedora 24: bind 9.10.4-2.P3.fc24

FreeBSD: patch for BIND.
A patch is indicated in information sources.

HP-UX: BIND version 9.9.4.
BIND version 9.9.4 is fixed:
  https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumber=BIND

Junos: fixed versions for BIND.
Fixed versions are indicated in information sources.

openSUSE: new bind packages.
New packages are available:
  openSUSE 13.2: bind 9.9.6P1-2.22.1
  openSUSE Leap 42.1: bind 9.9.9P1-39.1

RHEL 5: new bind97 packages.
New packages are available:
  RHEL 5: bind97 9.7.0-21.P2.el5_11.7

RHEL 6.7: new bind packages.
New packages are available:
  RHEL 6: bind 9.7.3-8.P3.el6_2.5, bind 9.8.2-0.17.rc1.el6_4.9, bind 9.8.2-0.23.rc1.el6_5.4, bind 9.8.2-0.30.rc1.el6_6.6, bind 9.8.2-0.37.rc1.el6_7.8

RHEL: new bind packages.
New packages are available:
  RHEL 5: bind 9.3.6-25.P1.el5_11.9
  RHEL 6: bind 9.8.2-0.47.rc1.el6_8.1
  RHEL 7: bind 9.9.4-29.el7_2.4

Slackware: new bind packages.
New packages are available:
  Slackware 13.0: bind 9.9.9_P3-*-1_slack13.0
  Slackware 13.1: bind 9.9.9_P3-*-1_slack13.1
  Slackware 13.37: bind 9.9.9_P3-*-1_slack13.37
  Slackware 14.0: bind 9.9.9_P3-*-1_slack14.0
  Slackware 14.1: bind 9.9.9_P3-*-1_slack14.1
  Slackware 14.2: bind 9.10.4_P3-*-1_slack14.2

Solaris: patch for third party software of October 2016 v1.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

SUSE LE: new bind packages.
New packages are available:
  SUSE LE 11 SP4: bind 9.9.6P1-0.30.1
  SUSE LE 12 RTM: bind 9.9.9P1-28.20.1
  SUSE LE 12 SP1: bind 9.9.9P1-46.1

Ubuntu: new bind9 packages.
New packages are available:
  Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.1
  Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.9
  Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.17
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a computer vulnerability workaround. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.