Bug 1000362 - (CVE-2016-2776) VUL-0: CVE-2016-2776: bind: Assertion Failure in buffer.c While Building Responses to a Specifically Constructed Request
(CVE-2016-2776)
VUL-0: CVE-2016-2776: bind: Assertion Failure in buffer.c While Building Resp...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P1 - Urgent : Critical
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv2:SUSE:CVE-2016-2776:7.8:(AV:N/A...
:
Depends on:
Blocks: 1001595 1001597
  Show dependency treegraph
 
Reported: 2016-09-22 08:11 UTC by Marcus Meissner
Modified: 2017-09-20 14:44 UTC (History)
8 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Marcus Meissner 2016-09-22 08:11:49 UTC
i have emailed for more information already
Comment 7 Swamp Workflow Management 2016-09-23 09:59:44 UTC
An update workflow for this issue was started.
This issue was rated as critical.
Please submit fixed packages until 2016-09-27.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63054
Comment 9 Swamp Workflow Management 2016-09-24 03:15:04 UTC
An update workflow for this issue was started.
This issue was rated as critical.
Please submit fixed packages until 2016-09-26.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63059
Comment 11 Andreas Stieger 2016-09-27 16:03:36 UTC
Public at https://kb.isc.org/article/AA-01419

CVE: CVE-2016-2776
Document Version: 2.0
Posting date: 2016-09-27
Program Impacted: BIND
Versions affected: 9.0.x -> 9.8.x, 9.9.0->9.9.9-P2, 9.9.3-S1->9.9.9-S3, 9.10.0->9.10.4-P2, 9.11.0a1->9.11.0rc1
Severity: High
Exploitable: Remotely

Description:

Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response.  A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria.

This assertion can be triggered even if the apparent source address isn't allowed to make queries (i.e. doesn't match 'allow-query').

Impact: All servers are vulnerable if they can receive request packets from any source.

CVSS Score:  7.8

CVSS Vector:  (AV:N/AC:L/Au:N/C:N/I:N/A:C)

For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Workarounds: No practical workarounds exist.

Active exploits: No known active exploits.

Solution:  Upgrade to the patched release most closely related to your current version of BIND.  These can all be downloaded from http://www.isc.org/downloads.

    BIND 9 version 9.9.9-P3
    BIND 9 version 9.10.4-P3
    BIND 9 version 9.11.0rc3

BIND 9 Supported Preview edition is a feature preview version of BIND provided exclusively to eligible ISC Support customers.

    BIND 9 version 9.9.9-S5

Document Revision History:

1.0 Advance Notification 2016-09-14
1.1 Added information about the Stable Preview release to versions affected.  Updated solution section to reflect replacing 9.11.0rc2 with 9.11.0rc3 and 9.9.9-S4 with 9.9.9-S5.
2.0 Posting date changed and public disclosure.


--------

Code public at:
ftp://ftp.isc.org/isc/bind9/9.9.9-P3/
ftp://ftp.isc.org/isc/bind9/9.10.4-P3/  
ftp://ftp.isc.org/isc/bind9/9.11.0rc3/
Comment 12 Bernhard Wiedemann 2016-09-27 18:00:44 UTC
This is an autogenerated message for OBS integration:
This bug (1000362) was mentioned in
https://build.opensuse.org/request/show/430613 13.2 / bind
https://build.opensuse.org/request/show/430615 42.1 / bind
Comment 13 Swamp Workflow Management 2016-09-27 19:10:15 UTC
SUSE-SU-2016:2399-1: An update that fixes one vulnerability is now available.

Category: security (critical)
Bug References: 1000362
CVE References: CVE-2016-2776
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    bind-9.9.9P1-46.1
SUSE Linux Enterprise Server 12-SP1 (src):    bind-9.9.9P1-46.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    bind-9.9.9P1-46.1
Comment 14 Swamp Workflow Management 2016-09-27 19:11:04 UTC
SUSE-SU-2016:2401-1: An update that fixes one vulnerability is now available.

Category: security (critical)
Bug References: 1000362
CVE References: CVE-2016-2776
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    bind-9.9.9P1-28.20.1
SUSE Linux Enterprise Server 12-LTSS (src):    bind-9.9.9P1-28.20.1
Comment 15 Swamp Workflow Management 2016-09-27 20:09:58 UTC
SUSE-SU-2016:2405-1: An update that fixes one vulnerability is now available.

Category: security (critical)
Bug References: 1000362
CVE References: CVE-2016-2776
Sources used:
SUSE OpenStack Cloud 5 (src):    bind-9.9.6P1-0.30.1
SUSE Manager Proxy 2.1 (src):    bind-9.9.6P1-0.30.1
SUSE Manager 2.1 (src):    bind-9.9.6P1-0.30.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    bind-9.9.6P1-0.30.1
SUSE Linux Enterprise Server 11-SP4 (src):    bind-9.9.6P1-0.30.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    bind-9.9.6P1-0.30.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    bind-9.9.6P1-0.30.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    bind-9.9.6P1-0.30.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    bind-9.9.6P1-0.30.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    bind-9.9.6P1-0.30.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    bind-9.9.6P1-0.30.1
Comment 17 Marcus Meissner 2016-09-28 09:04:53 UTC
all released.
Comment 18 Swamp Workflow Management 2016-09-28 09:10:02 UTC
openSUSE-SU-2016:2406-1: An update that fixes one vulnerability is now available.

Category: security (critical)
Bug References: 1000362
CVE References: CVE-2016-2776
Sources used:
openSUSE Leap 42.1 (src):    bind-9.9.9P1-39.1
openSUSE 13.2 (src):    bind-9.9.6P1-2.22.1
Comment 19 Swamp Workflow Management 2017-01-09 12:57:27 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2017-01-16.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63332