CVE-2016-2776: possible remote denial of service in bind package (named)

This document (7018100) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12 Service Pack 1 (SLES 12 SP1)
SUSE Linux Enterprise Server 12 GA - LTSS (SLES 12 GA LTSS)

SUSE Linux Enterprise Server 11 Service Pack 4 (SLES 11 SP4)
SUSE Linux Enterprise Server 11 Service Pack 3 LTSS (SLES 11 SP3 LTSS)
SUSE Linux Enterprise Server 11 Service Pack 2 LTSS (SLES 11 SP2 LTSS)
SUSE Linux Enterprise Server 11 Service Pack 1 LTSS (SLES 11 SP1 LTSS)

SUSE Linux Enterprise Server 10 Service Pack 4 LTSS (SLES 10 SP4 LTSS)


Situation

On Wednesday, 28th of September 2016, ISC.org has published a "critical" BIND update.

A malicious attacked can abort the 'named' service with a malformed packet possibly causing a remote denial of service.

Access Control lists are likely not effective as a workaround for this problem, as the packet handling will trigger the assertion before the ACLs are handled. So if the 'named' service is listening on the network it can be aborted by this vulnerability.

This issue affects all BIND versions SUSE ships/shipped.

Resolution

SUSE has released patches for this issue:
SLES 12 SP1
  • bind = 9.9.9P1-46.1
  • bind-chrootenv = 9.9.9P1-46.1
  • bind-devel= 9.9.9P1-46.1
  • bind-doc = 9.9.9P1-46.1
  • bind-libs = 9.9.9P1-46.1
  • bind-libs-32-bit = 9.9.9P1-46.1
  • bind-utils = 9.9.9P1-46.1
SLES 12 GA LTSS
  • bind = 9.9.9P1-28.20.1
SLES 11 SP4
  • bind = 9.9.6P1-0.30.1
  • bind-chrootenv = 9.9.6P1-0.30.1
  • bind-devel = 9.9.6P1-0.30.1
  • bind-devel-32bit = 9.9.6P1-0.30.1
  • bind-doc = 9.9.6P1-0.30.1
  • bind-libs = 9.9.6P1-0.30.1
  • bind-libs-32bit = 9.9.6P1-0.30.1
  • bind-libs-x86 = 9.9.6P1-0.30.1
  • bind-utils = 9.9.6P1-0.30.1
SLES 11 SP3 LTSS
  • bind = 9.9.6P1-0.30.1
SLES 11 SP2 LTSS
  • bind = 9.9.6P1-0.30.1
SUSE highly recommends to patch impacted servers as soon as possible.

Note: For customers with valid LTSS entilements on older versions, SUSE has prepared PTFs that can be requested through Support. The versions for these are:
SLES 11 SP1 LTSS
  • bind = 9.6ESVR11W1-0.21.1
SLES 10 SP4 LTSS
  • bind = 9.6ESVR11P1-0.18.11
SLES 10 SP3 LTSS
  • bind = 9.3.4-1.59.1

Cause


Additional Information

CVE-2016-2776

Affected BIND versions are:
  • 9.0.x -> 9.8.x
  • 9.9.0->9.9.9-P2
  • 9.10.0->9.10.4-P2
  • 9.11.0a1->9.11.0rc1
Description:

Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause 'named' to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria.
This assertion can be triggered even if the apparent source address is not allowed to make queries (i.e. does not match 'allow-query').

Impact:
All servers are vulnerable if they can receive request packets from any source.
  • CVSS Score: 7.8
  • CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit nvd.nist.gov
Workaround:
No practical workaround exists at this stage
Active exploits:
No known active exploits.
Solution:

    Upgrade to the patched release most closely related to your current version of BIND.
  • BIND 9 version 9.9.9-P3
  • BIND 9 version 9.10.4-P3
  • BIND 9 version 9.11.0rc2

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7018100
  • Creation Date: 27-Sep-2016
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center