bind9 CVE-2017-3137

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

bind9 CVE-2017-3137

Adrian Minta-3
Hi,
one of my servers crashed twice in the last 24 hours:

Apr 20 14:51:22 SRV named[37412]: resolver.c:4350: INSIST(fctx->type ==
((dns_rdatatype_t)dns_rdatatype_any) || fctx->type == ((dns_rda
tatype_t)dns_rdatatype_rrsig) || fctx->type ==
((dns_rdatatype_t)dns_rdatatype_sig)) failed, back trace
Apr 20 14:51:22 SRV named[37412]: #0 0x7f9bde355a00 in ??
Apr 20 14:51:22 SRV named[37412]: #1 0x7f9bdc5318ea in ??
Apr 20 14:51:22 SRV named[37412]: #2 0x7f9bddc1714e in ??
Apr 20 14:51:22 SRV named[37412]: #3 0x7f9bdc553d5b in ??
Apr 20 14:51:22 SRV named[37412]: #4 0x7f9bdbf04064 in ??
Apr 20 14:51:22 SRV named[37412]: #5 0x7f9bdb8d262d in ??
Apr 20 14:51:22 SRV named[37412]: exiting (due to assertion failure)

I suspect CVE-2017-3137 for this:
https://security-tracker.debian.org/tracker/CVE-2017-3137

# dpkg -l | grep bind9
ii  bind9 1:9.9.5.dfsg-9+deb8u10             amd64        Internet
Domain Name Server
ii  bind9-host 1:9.9.5.dfsg-9+deb8u10             amd64        Version
of 'host' bundled with BIND 9.X
ii  bind9utils 1:9.9.5.dfsg-9+deb8u10             amd64        Utilities
for BIND
ii  libbind9-90 1:9.9.5.dfsg-9+deb8u10             amd64        BIND9
Shared Library used by BIND


Any info or workaround for this vulnerability ?


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: bind9 CVE-2017-3137

Salvatore Bonaccorso-4
Hi

On Thu, Apr 20, 2017 at 03:42:13PM +0300, Adrian Minta wrote:

> Hi,
> one of my servers crashed twice in the last 24 hours:
>
> Apr 20 14:51:22 SRV named[37412]: resolver.c:4350: INSIST(fctx->type ==
> ((dns_rdatatype_t)dns_rdatatype_any) || fctx->type == ((dns_rda
> tatype_t)dns_rdatatype_rrsig) || fctx->type ==
> ((dns_rdatatype_t)dns_rdatatype_sig)) failed, back trace
> Apr 20 14:51:22 SRV named[37412]: #0 0x7f9bde355a00 in ??
> Apr 20 14:51:22 SRV named[37412]: #1 0x7f9bdc5318ea in ??
> Apr 20 14:51:22 SRV named[37412]: #2 0x7f9bddc1714e in ??
> Apr 20 14:51:22 SRV named[37412]: #3 0x7f9bdc553d5b in ??
> Apr 20 14:51:22 SRV named[37412]: #4 0x7f9bdbf04064 in ??
> Apr 20 14:51:22 SRV named[37412]: #5 0x7f9bdb8d262d in ??
> Apr 20 14:51:22 SRV named[37412]: exiting (due to assertion failure)
>
> I suspect CVE-2017-3137 for this:
> https://security-tracker.debian.org/tracker/CVE-2017-3137
>
> # dpkg -l | grep bind9
> ii  bind9 1:9.9.5.dfsg-9+deb8u10             amd64        Internet Domain
> Name Server
> ii  bind9-host 1:9.9.5.dfsg-9+deb8u10             amd64        Version of
> 'host' bundled with BIND 9.X
> ii  bind9utils 1:9.9.5.dfsg-9+deb8u10             amd64        Utilities for
> BIND
> ii  libbind9-90 1:9.9.5.dfsg-9+deb8u10             amd64        BIND9 Shared
> Library used by BIND
>
>
> Any info or workaround for this vulnerability ?

If possible test the test packages at
https://people.debian.org/~carnil/tmp/bind9/

Regards,
Salvatore

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: bind9 CVE-2017-3137

Adrian Minta-3
Hi

On 05/11/2017 04:41 PM, Salvatore Bonaccorso wrote:
> Hi
>
> If possible test the test packages at
> https://people.debian.org/~carnil/tmp/bind9/
>
> Regards,
> Salvatore
I've rebuild the bind9 packages with your patch and installed them. They
seems to work without any issues so far, at least on amd64.
I don't know how to test if the CVE-2017-3137 is fixed, other than let
it run am see if it crashes again with assertion failure.


If anyone have a POC please feel free to share !

Loading...