Wind River Support Network

HomeDefectsLIN8-4807
Fixed

LIN8-4807 : Security Advisory - bind - CVE-2016-2776

Created: Sep 26, 2016    Updated: Dec 3, 2018
Resolved Date: Sep 27, 2016
Found In Version: 8.0
Fix Version: 8.0.0.11
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

CVE-2016-2776: Assertion Failure in buffer.c While Building Responses to
a Specifically Constructed Request

CVE:               CVE-2016-2776
Document Version:  1.1
Posting date:      2016-09-28
Program Impacted:  BIND
Versions affected: 9.0.x -> 9.8.x, 9.9.0->9.9.9-P2, 9.9.3-S1->9.9.9-S3,
                   9.10.0->9.10.4-P2, 9.11.0a1->9.11.0rc1
Severity:          High
Exploitable:       Remotely

Description:

    Testing by ISC has uncovered a critical error condition which can
    occur when a nameserver is constructing a response.  A defect in the
    rendering of messages into packets can cause named to exit with an
    assertion failure in buffer.c while constructing a response to a
    query that meets certain criteria.

    This assertion can be triggered even if the apparent source address
    isn't allowed to make queries (i.e. doesn't match 'allow-query').

Impact:

    All servers are vulnerable if they can receive request packets from
    any source.

CVSS Score:  7.8
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Other Downloads


CVEs


Live chat
Online