Arch Linux Security Advisory ASA-201603-7
========================================
Severity: High
Date    : 2016-03-09
CVE-ID  : CVE-2016-1285 CVE-2016-1286
Package : bind
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package bind before version 9.10.3.P4-1 is vulnerable to denial of
service.

Resolution
=========
Upgrade to 9.10.3.P4-1.

# pacman -Syu "bind>=9.10.3.P4-1"

The problem has been fixed upstream in version 9.9.8-P4 and 9.10.3.P4.

Workaround
=========
- CVE-2016-1285:

Restrict access to the control channel (by using the "controls"
configuration statement in named.conf) to allow connection only from
trusted systems.

Note that if no "controls" statement is present, named defaults to
allowing control channel connections only from localhost (127.0.0.1 and
::1) if and only if the file rndc.key exists in the configuration
directory and contains valid key syntax.  If rndc.key is not present and
no "controls" statement is present in named.conf, named will not accept
commands on the control channel.

- CVE-2016-1286:

None.

Description
==========
- CVE-2016-1285:

Testing by ISC has uncovered a defect in control channel input handling
which can cause named to exit due to an assertion failure in sexpr.c or
alist.c when a malformed packet is sent to named's control channel (the
interface which allows named to be controlled using the 'rndc" server
control utility).

This assertion occurs before authentication but after
network-address-based access controls have been applied.  Or in other
words:  an attacker does not need to have a key or other authentication,
but does need to be within the address list specified in the "controls"
statement in named.conf which enables the control channel.  If no
"controls" statement is present in named.conf, named still defaults to
listening for control channel information on loopback addresses
(127.0.0.1 and ::1) if the file rndc.key is present in the configuration
directory and contains a valid key.

A search for similar problems revealed an associated defect in the rndc
server control utility whereby a malformed response from the server
could cause the rndc program to crash.  For completeness, it is being
fixed at the same time even though this defect in the rndc utility is
not in itself exploitable.

- CVE-2016-1286:

An error when parsing signature records for DNAME records having
specific properties can lead to named exiting due to an assertion
failure in resolver.c or db.c.

Impact
=====
A remote attacker can crash a vulnerable bind server, authoritative or
recursive, by sending a crafted response to a query or, if allowed by
the network-address-based ACLs, by sending a crafted packet to the
control channel.

References
=========
https://kb.isc.org/docs/aa-01352
https://kb.isc.org/docs/aa-01353
https://access.redhat.com/security/cve/CVE-2016-1285
https://access.redhat.com/security/cve/CVE-2016-1286

ArchLinux: 201603-7: bind: denial of service

March 10, 2016

Summary

- CVE-2016-1285: Testing by ISC has uncovered a defect in control channel input handling which can cause named to exit due to an assertion failure in sexpr.c or alist.c when a malformed packet is sent to named's control channel (the interface which allows named to be controlled using the 'rndc" server control utility).
This assertion occurs before authentication but after network-address-based access controls have been applied. Or in other words: an attacker does not need to have a key or other authentication, but does need to be within the address list specified in the "controls" statement in named.conf which enables the control channel. If no "controls" statement is present in named.conf, named still defaults to listening for control channel information on loopback addresses (127.0.0.1 and ::1) if the file rndc.key is present in the configuration directory and contains a valid key.
A search for similar problems revealed an associated defect in the rndc server control utility whereby a malformed response from the server could cause the rndc program to crash. For completeness, it is being fixed at the same time even though this defect in the rndc utility is not in itself exploitable.
- CVE-2016-1286:
An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c.

Resolution

Upgrade to 9.10.3.P4-1. # pacman -Syu "bind>=9.10.3.P4-1"
The problem has been fixed upstream in version 9.9.8-P4 and 9.10.3.P4.

References

https://kb.isc.org/docs/aa-01352 https://kb.isc.org/docs/aa-01353 https://access.redhat.com/security/cve/CVE-2016-1285 https://access.redhat.com/security/cve/CVE-2016-1286

Severity
Package : bind
Type : denial of service
Remote : Yes
Link : https://wiki.archlinux.org/title/CVE

Workaround

- CVE-2016-1285: Restrict access to the control channel (by using the "controls" configuration statement in named.conf) to allow connection only from trusted systems.
Note that if no "controls" statement is present, named defaults to allowing control channel connections only from localhost (127.0.0.1 and ::1) if and only if the file rndc.key exists in the configuration directory and contains valid key syntax. If rndc.key is not present and no "controls" statement is present in named.conf, named will not accept commands on the control channel.
- CVE-2016-1286:
None.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved