Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bind | Isc | 9.9.9-p6 (including) | 9.9.9-p6 (including) |
| Bind | Isc | 9.9.9-s8 (including) | 9.9.9-s8 (including) |
| Bind | Isc | 9.9.10-beta1 (including) | 9.9.10-beta1 (including) |
| Bind | Isc | 9.9.10-rc1 (including) | 9.9.10-rc1 (including) |
| Bind | Isc | 9.10.4-p6 (including) | 9.10.4-p6 (including) |
| Bind | Isc | 9.10.5-b1 (including) | 9.10.5-b1 (including) |
| Bind | Isc | 9.10.5-rc1 (including) | 9.10.5-rc1 (including) |
| Bind | Isc | 9.11.0-p3 (including) | 9.11.0-p3 (including) |
| Bind | Isc | 9.11.1-b1 (including) | 9.11.1-b1 (including) |
| Bind | Isc | 9.11.1-rc1 (including) | 9.11.1-rc1 (including) |
| Red Hat Enterprise Linux 6 | RedHat | bind-32:9.8.2-0.62.rc1.el6_9.1 | * |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | RedHat | bind-32:9.7.3-8.P3.el6_2.9 | * |
| Red Hat Enterprise Linux 6.4 Advanced Update Support | RedHat | bind-32:9.8.2-0.17.rc1.el6_4.12 | * |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | RedHat | bind-32:9.8.2-0.23.rc1.el6_5.7 | * |
| Red Hat Enterprise Linux 6.5 Telco Extended Update Support | RedHat | bind-32:9.8.2-0.23.rc1.el6_5.7 | * |
| Red Hat Enterprise Linux 6.6 Advanced Update Support | RedHat | bind-32:9.8.2-0.30.rc1.el6_6.9 | * |
| Red Hat Enterprise Linux 6.6 Telco Extended Update Support | RedHat | bind-32:9.8.2-0.30.rc1.el6_6.9 | * |
| Red Hat Enterprise Linux 6.7 Extended Update Support | RedHat | bind-32:9.8.2-0.37.rc1.el6_7.11 | * |
| Red Hat Enterprise Linux 7 | RedHat | bind-32:9.9.4-38.el7_3.3 | * |
| Red Hat Enterprise Linux 7.2 Extended Update Support | RedHat | bind-32:9.9.4-29.el7_2.6 | * |
| Bind9 | Ubuntu | devel | * |
| Bind9 | Ubuntu | esm-infra-legacy/trusty | * |
| Bind9 | Ubuntu | esm-infra/xenial | * |
| Bind9 | Ubuntu | precise | * |
| Bind9 | Ubuntu | trusty | * |
| Bind9 | Ubuntu | trusty/esm | * |
| Bind9 | Ubuntu | vivid/stable-phone-overlay | * |
| Bind9 | Ubuntu | vivid/ubuntu-core | * |
| Bind9 | Ubuntu | xenial | * |
| Bind9 | Ubuntu | yakkety | * |
| Bind9 | Ubuntu | zesty | * |
While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service. For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service.