Wind River Support Network


LIN6-11814 : Security Advisory - bind - CVE-2016-2776

Created: Sep 26, 2016    Updated: Dec 3, 2018
Resolved Date: Sep 28, 2016
Found In Version: 6.0
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace


CVE-2016-2776: Assertion Failure in buffer.c While Building Responses to
a Specifically Constructed Request

CVE:               CVE-2016-2776
Document Version:  1.1
Posting date:      2016-09-28
Program Impacted:  BIND
Versions affected: 9.0.x -> 9.8.x, 9.9.0->9.9.9-P2, 9.9.3-S1->9.9.9-S3,
                   9.10.0->9.10.4-P2, 9.11.0a1->9.11.0rc1
Severity:          High
Exploitable:       Remotely


    Testing by ISC has uncovered a critical error condition which can
    occur when a nameserver is constructing a response.  A defect in the
    rendering of messages into packets can cause named to exit with an
    assertion failure in buffer.c while constructing a response to a
    query that meets certain criteria.

    This assertion can be triggered even if the apparent source address
    isn't allowed to make queries (i.e. doesn't match 'allow-query').


    All servers are vulnerable if they can receive request packets from
    any source.

CVSS Score:  7.8
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Other Downloads

Live chat