bind: denial of service

2016-01-21T00:00:00
ID ASA-201601-21
Type archlinux
Reporter Arch Linux
Modified 2016-01-21T00:00:00

Description

  • CVE-2015-8704 (denial of service)

A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl_42.c. A server could exit while performing certain string formatting operations. Examples include (but may not be limited to):

1) Slaves using text-format db files could be vulnerable if receiving a malformed record in a zone transfer from their master. 2) Masters using text-format db files could be vulnerable if they accept a malformed record in a DDNS update message. 3) Recursive resolvers are potentially vulnerable when debug logging, if they are fed a deliberately malformed record by a malicious server. 4) A server which has cached a specially constructed record could encounter this condition while performing 'rndc dumpdb'.

  • CVE-2015-8705 (denial of service)

In versions of BIND 9.10, errors can occur when OPT pseudo-RR data or ECS options are formatted to text. In 9.10.3 through 9.10.3-P2, the issue may result in a REQUIRE assertion failure in buffer.c resulting in application exit. This issue can affect both authoritative and recursive servers if they are performing debug logging. It may also crash related tools which use the same code, such as dig or delv.