Fixed
Created: Sep 26, 2016
Updated: Dec 3, 2018
Resolved Date: Sep 28, 2016
Found In Version: 6.0
Fix Version: 6.0.0.31
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace
CVE-2016-2776: Assertion Failure in buffer.c While Building Responses to
a Specifically Constructed Request
CVE: CVE-2016-2776
Document Version: 1.1
Posting date: 2016-09-28
Program Impacted: BIND
Versions affected: 9.0.x -> 9.8.x, 9.9.0->9.9.9-P2, 9.9.3-S1->9.9.9-S3,
9.10.0->9.10.4-P2, 9.11.0a1->9.11.0rc1
Severity: High
Exploitable: Remotely
Description:
Testing by ISC has uncovered a critical error condition which can
occur when a nameserver is constructing a response. A defect in the
rendering of messages into packets can cause named to exit with an
assertion failure in buffer.c while constructing a response to a
query that meets certain criteria.
This assertion can be triggered even if the apparent source address
isn't allowed to make queries (i.e. doesn't match 'allow-query').
Impact:
All servers are vulnerable if they can receive request packets from
any source.
CVSS Score: 7.8
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
