Wind River Support Network

Fixed

LIN5-21991 : Security Advisory - bind - CVE-2016-2776

Created: Sep 26, 2016    Updated: May 29, 2018
Resolved Date: Sep 28, 2016
Found In Version: 5.0.1.37
Fix Version: 5.0.1.38
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

CVE-2016-2776: Assertion Failure in buffer.c While Building Responses to
a Specifically Constructed Request

CVE:               CVE-2016-2776
Document Version:  1.1
Posting date:      2016-09-28
Program Impacted:  BIND
Versions affected: 9.0.x -> 9.8.x, 9.9.0->9.9.9-P2, 9.9.3-S1->9.9.9-S3,
                   9.10.0->9.10.4-P2, 9.11.0a1->9.11.0rc1
Severity:          High
Exploitable:       Remotely

Description:

    Testing by ISC has uncovered a critical error condition which can
    occur when a nameserver is constructing a response.  A defect in the
    rendering of messages into packets can cause named to exit with an
    assertion failure in buffer.c while constructing a response to a
    query that meets certain criteria.

    This assertion can be triggered even if the apparent source address
    isn't allowed to make queries (i.e. doesn't match 'allow-query').

Impact:

    All servers are vulnerable if they can receive request packets from
    any source.

CVSS Score:  7.8
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
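
A version check built from the "Versions affected" field above, as an added example (not ISC's or Wind River's code). It assumes version strings in the forms the advisory uses and the ordering alpha < beta < rc < release < -P patch within one x.y.z; any other string, such as a distribution-suffixed one, is rejected rather than guessed at.

```python
import re

# Forms used in the advisory: 9.9.9, 9.11.0a1, 9.11.0rc1, 9.9.9-P2, 9.9.9-S3
_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+)|-(P|S)(\d+))?$")
# Assumed ordering within one x.y.z: alpha < beta < rc < release < -P patch
_STAGE = {"a": 0, "b": 1, "rc": 2, None: 3, "P": 4}

# Inclusive ranges copied from the "Versions affected" field
RANGES = [
    ("9.9.0", "9.9.9-P2"),
    ("9.9.3-S1", "9.9.9-S3"),
    ("9.10.0", "9.10.4-P2"),
    ("9.11.0a1", "9.11.0rc1"),
]


def parse(version):
    """Return (track, key). -S releases form their own track and are only
    compared with other -S releases."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised BIND version string: {version!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    pre, pre_n, suffix, suffix_n = m.group(4, 5, 6, 7)
    if suffix == "S":
        return "S", (major, minor, patch, int(suffix_n))
    return "main", (major, minor, patch, _STAGE[pre or suffix], int(pre_n or suffix_n or 0))


def is_affected(version):
    track, key = parse(version)
    # "9.0.x -> 9.8.x": every release on the 9.0 through 9.8 branches
    if track == "main" and key[0] == 9 and 0 <= key[1] <= 8:
        return True
    for low, high in RANGES:
        lo_track, lo_key = parse(low)
        hi_track, hi_key = parse(high)
        if track == lo_track and lo_key <= key <= hi_key:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory
    for v in ["9.8.4", "9.9.9-P2", "9.9.9-P3", "9.9.9-S3", "9.11.0rc3"]:
        print(v, "affected" if is_affected(v) else "not in the listed ranges")
```

On a vendor build the fix is tracked by the product version (Fix Version above), so the upstream BIND version string alone may not reflect a backported patch.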
