[dns-operations] not CVE 2015-8000, but CVE 2015-8461 actively exploited yesterday
John W. O'Brien
obrienjw at upenn.edu
Thu Dec 17 12:54:13 UTC 2015
On 12/17/15 12:22 AM, Nick Urbanik wrote:
> Can anyone confirm whether this log entry matches the symptom of CVE
> 2015-8461? The CVE description could refer to yet another assertion
> failure in resolver.c in BIND. We have 11 such failures so far.
For what it's worth, the assertion reported in CVE-2015-8461 was:
resolver.c:1784: INSIST(fctx->references > 1)
This is in the main line 9.9.8 tag near the end of the fctx_query()
So, no, it does not match the symptom, but as Mukund pointed out in a
> Such bug reports sent to us, though much appreciated, waste developer
> time as we investigate the bug (because the backtrace looks new) and
> see that it has already been addressed in the current releases.
>> about 25 hours ago, with entries in logs like this:
>> 06:29:47.521 general: resolver.c:3123: REQUIRE((((fctx->finds).head ==
>> ((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed
>> 06:29:47.521 general: exiting (due to assertion failure)
>> These are RHEL 6. Updating to bind-*9.8.2-0.37.rc1.el6_7.5.x86_64.rpm
>> seems to address the exploit.
John W. O'Brien
Senior Network Engineer
Information Systems and Computing
University of Pennsylvania
obrienjw at upenn.edu 215-898-9818
OpenPGP key ID: 0x155016CB
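The comparison made in this message, as an added example that is not part of the original post or of BIND: a log triage helper that groups `named` assertion failures by signature and flags only those matching the CVE-2015-8461 assertion text quoted above. The function names, the sample log, and the choice to ignore source line numbers when matching are assumptions of this example.

```python
import re
from collections import Counter

# Assertion quoted in the post for CVE-2015-8461. The line number (1784) is
# left out of the signature: assumption that it shifts between BIND releases.
CVE_2015_8461 = ("resolver.c", "INSIST", "fctx->references > 1")

TS_RE = re.compile(r"^(\d{2}-\w{3}-\d{4} )?\d{2}:\d{2}:\d{2}\.\d{3} ")
ASSERT_RE = re.compile(r"(?P<file>[\w.]+\.c):\d+: "
                       r"(?P<kind>REQUIRE|ENSURE|INSIST|INVARIANT)\((?P<expr>.*)\) failed")

def records(text):
    """Re-join log records that were hard-wrapped, e.g. when pasted into mail."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS_RE.match(line) or not out:
            out.append(line)          # a timestamp starts a new record
        else:
            out[-1] += " " + line     # continuation of the previous record
    return out

def normalize(expr):
    """Collapse whitespace and drop parentheses that wrap the whole expression."""
    expr = " ".join(expr.split())
    while expr.startswith("(") and expr.endswith(")"):
        depth = 0
        for i, ch in enumerate(expr):
            depth += (ch == "(") - (ch == ")")
            if depth == 0 and i < len(expr) - 1:
                return expr  # first "(" closes early, so it is not a wrapper
        expr = expr[1:-1].strip()
    return expr

def triage(text):
    """Map each assertion signature to (count, matches CVE-2015-8461 text)."""
    hits = (ASSERT_RE.search(r) for r in records(text))
    counts = Counter((m["file"], m["kind"], normalize(m["expr"])) for m in hits if m)
    return {sig: (n, sig == CVE_2015_8461) for sig, n in counts.items()}

# Constructed sample: the first record is the one quoted in the thread (wrapped
# as in the mail); the later timestamps and the INSIST line are made up.
SAMPLE = """\
06:29:47.521 general: resolver.c:3123: REQUIRE((((fctx->finds).head ==
((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed
06:29:47.521 general: exiting (due to assertion failure)
07:10:02.004 general: resolver.c:3123: REQUIRE((((fctx->finds).head == ((void *)0)) ? isc_boolean_true : isc_boolean_false)) failed
08:00:00.000 general: resolver.c:1784: INSIST(fctx->references > 1) failed"""
```

Calling `triage(SAMPLE)` reports the `fctx->finds` REQUIRE failure twice as a non-match and the constructed INSIST line once as a match.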