[dns-operations] CVE 2015-8000 actively exploited yesterday

Nick Urbanik nick.urbanik at optusnet.com.au
Wed Dec 16 23:50:10 UTC 2015


Dear Folks,

I'd like to report that we have had CVE 2015-8000 actively exploited
about 25 hours ago, with entries in logs like this:
06:29:47.521 general: resolver.c:3123: REQUIRE((((fctx->finds).head == ((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed
06:29:47.521 general: exiting (due to assertion failure)

These are RHEL 6.  Updating to bind-*9.8.2-0.37.rc1.el6_7.5.x86_64.rpm
seems to address the exploit.

BIND really needs to have a better strategy to dealing with unexpected
input other than by dying.  Perhaps the assumption is that everyone is
using some kind of script that checks it's running, and if not,
restarts it.  If that is the case, that should be explicitly stated,
and made policy for packagers, such as Red Hat.
-- 
Nick Urbanik http://nicku.org 808-71011 nick.urbanik at optusnet.com.au
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24  ID: BB9D2C24
I disclaim, therefore I am.



More information about the dns-operations mailing list