Actu
Vigil@nce - ISC BIND: assertion error via APL
March 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force an assertion error by sending APL data to
some configurations of ISC BIND, in order to trigger a denial of
service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD,
HP-UX, BIND, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware,
SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 20/01/2016.
DESCRIPTION OF THE VULNERABILITY
The ISC BIND product uses the APL structure to store "rdata"
records.
These APL data are used by:
– Slaves using text-format db files receiving a record in a zone
transfer from their master.
– Masters using text-format db files accepting a record in a DDNS
update message.
– Recursive resolvers when debug logging.
– A server which has cached a record while performing ’rndc
dumpdb’.
However, when APL data are too long, an assertion error occurs
because developers did not except this case, which stops the
process.
An attacker can therefore force an assertion error by sending APL
data to some configurations of ISC BIND, in order to trigger a
denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/ISC-BIND-assertion-error-via-APL-18766
