Bugzilla – Bug 989528
VUL-1: CVE-2016-2775: bind: lwresd: A query name which is too long can cause a segmentation fault
Last modified: 2020-09-24 14:58:09 UTC
https://kb.isc.org/article/AA-01393/

Although not commonly used, the BIND package contains provisions to allow systems to resolve names using the lightweight resolver protocol, a protocol similar to (but distinct from) the normal DNS protocols. The lightweight resolver protocol can be used either by running the lwresd utility installed with BIND or by configuring named using the "lwres" statement in named.conf. An error has been discovered in the BIND implementation of the lightweight resolver protocol affecting systems which use this alternate method to do name resolution.

CVE: CVE-2016-2775
Document Version: 2.0
Posting date: 18 July 2016
Program Impacted: BIND
Versions affected: 9.0.x -> 9.9.9-P1, 9.10.0->9.10.4-P1, 9.11.0a3->9.11.0b1
Severity: Medium
Exploitable: Remotely (if lwresd is configured to accept remote client connections)

Description: If the lightweight resolver is asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length, the server can terminate due to an error.

Impact: A server which is affected by this defect will terminate with a segmentation fault error, resulting in a denial of service to client programs attempting to resolve names.

CVSS Score: 5.4 if the server is configured to accept requests from the network.
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:C)

For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:N/A:C)

Workarounds: None.

Active exploits: No known active exploits, but the bug has been publicly disclosed in an open bug repository operated by Red Hat.

Fixed versions:
BIND 9 version 9.9.9-P2
BIND 9 version 9.10.4-P2
BIND 9 version 9.11.0b2
BIND 9 version 9.9.9-S3

Document Revision History:
1.0 Advance Notification, 14 July 2016
2.0 Public Disclosure, 18 July 2016

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1357803
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2775
http://seclists.org/oss-sec/2016/q3/106
https://kb.isc.org/article/AA-01393/74/CVE-2016-2775
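The failure mode in the advisory's Description, shown as a bounds check: an added example, not code from BIND or from the ISC patch. The helper names `labels_len` and `join_search` are hypothetical, and the code assumes presentation-format names without escape sequences, rejecting a name plus search-list entry that would exceed the RFC 1035 limits instead of continuing with an invalid name.

```c
#include <stdio.h>
#include <string.h>

#define DNS_MAX_NAME  255  /* RFC 1035: octets in a whole name on the wire */
#define DNS_MAX_LABEL 63   /* RFC 1035: octets in one label */

/* Octets the labels of `name` take on the wire (1 length octet + bytes per
 * label, root label not counted). Returns -1 for an empty or oversized label.
 * A single trailing dot is accepted; escape sequences are not handled. */
static int labels_len(const char *name) {
    int total = 0, label = 0;
    for (const char *p = name;; p++) {
        if (*p != '.' && *p != '\0') {
            if (++label > DNS_MAX_LABEL) return -1;
            continue;
        }
        if (label == 0)
            return *p == '\0' ? total : -1;
        total += 1 + label;
        if (total > DNS_MAX_NAME) return -1;
        label = 0;
        if (*p == '\0') return total;
    }
}

/* Hypothetical helper: write "<name>.<suffix>" into out. Returns 0 on success,
 * -1 (with out emptied) when the combined name is malformed or too long. */
int join_search(const char *name, const char *suffix, char *out, size_t outsz) {
    if (outsz == 0) return -1;
    out[0] = '\0';
    int n = labels_len(name), s = labels_len(suffix);
    if (n <= 0 || s < 0) return -1;
    if (n + s + 1 > DNS_MAX_NAME) return -1;      /* +1 for the root label */
    size_t nl = strlen(name);
    if (name[nl - 1] == '.') nl--;                /* drop trailing dot before joining */
    int w = snprintf(out, outsz, "%.*s.%s", (int)nl, name, suffix);
    if (w < 0 || (size_t)w >= outsz) { out[0] = '\0'; return -1; }
    return 0;
}

int main(void) {
    char buf[300], name[300] = "";                /* constructed sample input */
    for (int i = 0; i < 4; i++)                   /* four 60-octet labels */
        sprintf(name + strlen(name), "%s%060d", i ? "." : "", 0);
    printf("%d\n", join_search("www", "example.com", buf, sizeof buf));
    printf("%d\n", join_search(name, "example.com", buf, sizeof buf));
    return 0;
}
```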
bugbot adjusting priority
(In reply to Andreas Stieger from comment #1) *Correction* of the previous evaluation: The issue affects the standalone lwresd daemon as contained in the bind-lwresd package, which is only shipped on openSUSE. The issue *also* affects named as contained in the bind package, which is shipped on SLES. It is affected when using the "lwres" statement in named.conf, which is not the default configuration.
The patch for this issue https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;h=38cc2d14e218e536e0102fa70deef99461354232
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2017-01-16. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63332
SUSE-SU-2017:0998-1: An update that solves 5 vulnerabilities and has one errata is now available.
  Category: security (important)
  Bug References: 1020983,1033466,1033467,1033468,987866,989528
  CVE References: CVE-2016-2775,CVE-2016-6170,CVE-2017-3136,CVE-2017-3137,CVE-2017-3138
  Sources used:
    SUSE Linux Enterprise Software Development Kit 12-SP2 (src): bind-9.9.9P1-59.1
    SUSE Linux Enterprise Software Development Kit 12-SP1 (src): bind-9.9.9P1-59.1
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): bind-9.9.9P1-59.1
    SUSE Linux Enterprise Server 12-SP2 (src): bind-9.9.9P1-59.1
    SUSE Linux Enterprise Server 12-SP1 (src): bind-9.9.9P1-59.1
    SUSE Linux Enterprise Desktop 12-SP2 (src): bind-9.9.9P1-59.1
    SUSE Linux Enterprise Desktop 12-SP1 (src): bind-9.9.9P1-59.1

SUSE-SU-2017:0999-1: An update that fixes 5 vulnerabilities is now available.
  Category: security (important)
  Bug References: 1033466,1033467,1033468,987866,989528
  CVE References: CVE-2016-2775,CVE-2016-6170,CVE-2017-3136,CVE-2017-3137,CVE-2017-3138
  Sources used:
    SUSE Linux Enterprise Server for SAP 12 (src): bind-9.9.9P1-28.34.1
    SUSE Linux Enterprise Server 12-LTSS (src): bind-9.9.9P1-28.34.1

SUSE-SU-2017:1000-1: An update that fixes 5 vulnerabilities is now available.
  Category: security (important)
  Bug References: 1033466,1033467,1033468,987866,989528
  CVE References: CVE-2016-2775,CVE-2016-6170,CVE-2017-3136,CVE-2017-3137,CVE-2017-3138
  Sources used:
    SUSE OpenStack Cloud 5 (src): bind-9.9.6P1-0.44.1
    SUSE Manager Proxy 2.1 (src): bind-9.9.6P1-0.44.1
    SUSE Manager 2.1 (src): bind-9.9.6P1-0.44.1
    SUSE Linux Enterprise Software Development Kit 11-SP4 (src): bind-9.9.6P1-0.44.1
    SUSE Linux Enterprise Server 11-SP4 (src): bind-9.9.6P1-0.44.1
    SUSE Linux Enterprise Server 11-SP3-LTSS (src): bind-9.9.6P1-0.44.1
    SUSE Linux Enterprise Point of Sale 11-SP3 (src): bind-9.9.6P1-0.44.1
    SUSE Linux Enterprise Debuginfo 11-SP4 (src): bind-9.9.6P1-0.44.1
    SUSE Linux Enterprise Debuginfo 11-SP3 (src): bind-9.9.6P1-0.44.1

openSUSE-SU-2017:1063-1: An update that solves 5 vulnerabilities and has one errata is now available.
  Category: security (important)
  Bug References: 1020983,1033466,1033467,1033468,987866,989528
  CVE References: CVE-2016-2775,CVE-2016-6170,CVE-2017-3136,CVE-2017-3137,CVE-2017-3138
  Sources used:
    openSUSE Leap 42.2 (src): bind-9.9.9P1-48.3.1
    openSUSE Leap 42.1 (src): bind-9.9.9P1-51.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2019-06-06. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64276
Done