CVE-2016-8864
First published: Fri Oct 28 2016(Updated: )
A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c During processing of a recursive response that contains a DNAME record in the answer section, BIND can stop execution after encountering an assertion error in resolver.c (error message: "INSIST((valoptions & 0x0002U) != 0) failed") or db.c (error message: "REQUIRE(targetp != ((void *)0) && *targetp == ((void *)0)) failed"). A server encountering either of these error conditions will stop, resulting in denial of service to clients. The risk to authoritative servers is minimal; recursive servers are chiefly at risk.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/bind9 | 1:9.11.5.P4+dfsg-5.1+deb10u7 1:9.11.5.P4+dfsg-5.1+deb10u9 1:9.16.44-1~deb11u1 1:9.18.19-1~deb12u1 1:9.19.17-1 | |
| ISC BIND 9 | >=9.0.0<9.9.9 | |
| ISC BIND 9 | >=9.10.0<9.10.4 | |
| ISC BIND 9 | =9.9.9 | |
| ISC BIND 9 | =9.9.9-beta1 | |
| ISC BIND 9 | =9.9.9-beta2 | |
| ISC BIND 9 | =9.9.9-p1 | |
| ISC BIND 9 | =9.9.9-p2 | |
| ISC BIND 9 | =9.9.9-p3 | |
| ISC BIND 9 | =9.10.4 | |
| ISC BIND 9 | =9.10.4-beta1 | |
| ISC BIND 9 | =9.10.4-beta2 | |
| ISC BIND 9 | =9.10.4-beta3 | |
| ISC BIND 9 | =9.10.4-p1 | |
| ISC BIND 9 | =9.10.4-p2 | |
| ISC BIND 9 | =9.10.4-p3 | |
| ISC BIND 9 | =9.11.0 | |
| ISC BIND 9 | =9.11.0-alpha1 | |
| ISC BIND 9 | =9.11.0-alpha2 | |
| ISC BIND 9 | =9.11.0-alpha3 | |
| ISC BIND 9 | =9.11.0-beta1 | |
| ISC BIND 9 | =9.11.0-beta2 | |
| ISC BIND 9 | =9.11.0-beta3 | |
| NetApp Data ONTAP | ||
| NetApp SolidFire & HCI Storage Node | ||
| NetApp SteelStore Cloud Integrated Storage | ||
| Red Hat Enterprise Linux Desktop | =5.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server EUS | =6.7 | |
| Red Hat Enterprise Linux Server EUS | =7.2 | |
| Red Hat Enterprise Linux Server EUS | =7.3 | |
| Red Hat Enterprise Linux Server EUS | =7.4 | |
| Red Hat Enterprise Linux Server EUS | =7.5 | |
| Red Hat Enterprise Linux Server EUS | =7.6 | |
| Red Hat Enterprise Linux Server EUS | =7.7 | |
| Red Hat Enterprise Linux Server | =5.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =6.2 | |
| Red Hat Enterprise Linux Server | =6.4 | |
| Red Hat Enterprise Linux Server | =6.5 | |
| Red Hat Enterprise Linux Server | =6.6 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.7 | |
| Red Hat Enterprise Linux Server | =6.5 | |
| Red Hat Enterprise Linux Server | =6.6 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.7 | |
| Red Hat Enterprise Linux Workstation | =5.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| Debian | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2016-2141.html
- http://rhn.redhat.com/errata/RHSA-2016-2142.html
- http://rhn.redhat.com/errata/RHSA-2016-2615.html
- http://rhn.redhat.com/errata/RHSA-2016-2871.html
- http://www.debian.org/security/2016/dsa-3703
- http://www.securityfocus.com/bid/94067
- http://www.securitytracker.com/id/1037156
- https://access.redhat.com/errata/RHSA-2017:1583
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687
- https://kb.isc.org/article/AA-01434
- https://kb.isc.org/article/AA-01435
- https://kb.isc.org/article/AA-01436
- https://kb.isc.org/article/AA-01437
- https://kb.isc.org/article/AA-01438
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:34.bind.asc
- https://security.gentoo.org/glsa/201701-26
- https://security.netapp.com/advisory/ntap-20180926-0005/
- http://seclists.org/oss-sec/2016/q4/300
- https://rhn.redhat.com/errata/RHSA-2016-2142.html
- https://rhn.redhat.com/errata/RHSA-2016-2141.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1391319
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1391320
- https://rhn.redhat.com/errata/RHSA-2016-2615.html
- https://rhn.redhat.com/errata/RHSA-2016-2871.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1389652
- https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=8bd0c12d53bea6f299e92d20ee0a23b16a7f65bc
- https://security-tracker.debian.org/tracker/CVE-2016-8864
Frequently Asked Questions
What is the severity of CVE-2016-8864?
The severity of CVE-2016-8864 is considered high due to the potential for a resolver to terminate unexpectedly.
How do I fix CVE-2016-8864?
To fix CVE-2016-8864, upgrade to the latest version of BIND as specified in the vulnerability report.
Which versions of BIND are affected by CVE-2016-8864?
CVE-2016-8864 affects various versions of BIND, specifically versions earlier than 9.11.0.
What impact does CVE-2016-8864 have on BIND users?
CVE-2016-8864 can cause BIND resolvers to crash, potentially leading to denial of service.
Is there a workaround for CVE-2016-8864 if I cannot update BIND?
Currently, the only recommended solution for CVE-2016-8864 is to apply the provided patches or update to a fixed version of BIND.
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-8864
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/isc
- canonical/isc bind 9
- version/isc bind 9/9.0.0
- version/isc bind 9/9.10.0
- version/isc bind 9/9.9.9
- version/isc bind 9/9.9.9-beta1
- version/isc bind 9/9.9.9-beta2
- version/isc bind 9/9.9.9-p1
- version/isc bind 9/9.9.9-p2
- version/isc bind 9/9.9.9-p3
- version/isc bind 9/9.10.4
- version/isc bind 9/9.10.4-beta1
- version/isc bind 9/9.10.4-beta2
- version/isc bind 9/9.10.4-beta3
- version/isc bind 9/9.10.4-p1
- version/isc bind 9/9.10.4-p2
- version/isc bind 9/9.10.4-p3
- version/isc bind 9/9.11.0
- version/isc bind 9/9.11.0-alpha1
- version/isc bind 9/9.11.0-alpha2
- version/isc bind 9/9.11.0-alpha3
- version/isc bind 9/9.11.0-beta1
- version/isc bind 9/9.11.0-beta2
- version/isc bind 9/9.11.0-beta3
- vendor/netapp
- canonical/netapp data ontap
- canonical/netapp solidfire & hci storage node
- canonical/netapp steelstore cloud integrated storage
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/5.0
- version/red hat enterprise linux desktop/6.0
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/6.7
- version/red hat enterprise linux server eus/7.2
- version/red hat enterprise linux server eus/7.3
- version/red hat enterprise linux server eus/7.4
- version/red hat enterprise linux server eus/7.5
- version/red hat enterprise linux server eus/7.6
- version/red hat enterprise linux server eus/7.7
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/5.0
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/6.2
- version/red hat enterprise linux server/6.4
- version/red hat enterprise linux server/6.5
- version/red hat enterprise linux server/6.6
- version/red hat enterprise linux server/7.2
- version/red hat enterprise linux server/7.3
- version/red hat enterprise linux server/7.4
- version/red hat enterprise linux server/7.6
- version/red hat enterprise linux server/7.7
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/5.0
- version/red hat enterprise linux workstation/6.0
- version/red hat enterprise linux workstation/7.0
- vendor/debian
- canonical/debian
- version/debian/8.0