JPCERT-AT-2016-0037
JPCERT/CC
2016-09-28(Initial)
2016-10-05(Update)
<<< JPCERT/CC Alert 2016-09-28 >>>
Denial-of-service vulnerability (CVE-2016-2776) in ISC BIND 9
https://www.jpcert.or.jp/english/at/2016/at160037.html
I. Overview
ISC BIND 9 contains a vulnerability that leads to a denial-of-service
(DoS). When this vulnerability is exploited, a remote attacker may
cause named to terminate. For more details on this vulnerability,
please refer to the information provided by ISC.
Internet Systems Consortium, Inc. (ISC)
CVE-2016-2776: Assertion Failure in buffer.c While Building
Responses to a Specifically Constructed Request
https://kb.isc.org/article/AA-01419/
If you are operating an affected version of ISC BIND 9 (authoritative
DNS server, cache DNS server), please consider updating to a version
that addresses this vulnerability by referring to the information in
"III. Solution".
** Update: October 5, 2016 Update ***********************************
On October 5, 2016, National Police Agency announced the observation
on the attacks leveraging this vulnerability. JPCERT/CC has also received
reports on attacks targeting DNS. Proof-of-Concept for this vulnerability
has been released, therefore, please apply the version that address this
vulnerability as soon as possible.
National Police Agency
Observation on spam attacks leveraging vulnerability (CVE-2016-2776) in BIND (PDF) (Japanese)
https://www.npa.go.jp/cyberpolice/detect/pdf/20161005.pdf
**********************************************************************
II. Affected Systems
According to ISC, the following versions are affected by this
vulnerability. ISC has rated this vulnerability as "High".
ISC BIND
- Versions prior to 9.9.9-P2 for 9,9.x
- Versions prior to 9.10.4-P2 for 9.10.x
In addition, unsupported versions of ISC BIND 9.0.x through 9.8.x
are also affected.
For more details, please refer to the following:
BIND 9 Security Vulnerability Matrix
https://kb.isc.org/article/AA-00913/
If you are using BIND provided by a distributor, please refer to the
information provided by that distributor.
III. Solution
ISC has released versions of ISC BIND that address this vulnerability.
Distributors are likely to provide their own versions that address
this vulnerability. Consider updating to an updated version after
thorough testing.
ISC BIND
- BIND 9 version 9.9.9-P3
- BIND 9 version 9.10.4-P3
IV. References
US-CERT
ISC Releases Security Updates for BIND
https://www.us-cert.gov/ncas/current-activity/2016/09/27/ISC-Releases-Security-Updates-BIND
Japan Registry Services (JPRS)
(Urgent) Vulnerability in BIND 9.x (DNS Service suspension) (CVE-2016-2776) (Japanese)
https://jprs.jp/tech/security/2016-09-28-bind9-vuln-rendering.html
Japan Network Information Center (JPNIC)
BIND 9 vulnerability resulting server stoppage due to unauthorized request (September, 2016) (Japanese)
https://www.nic.ad.jp/ja/topics/2016/20160928-01.html
** Update: October 5, 2016 Update ***********************************
Information-technology Promotion Agency, Japan(IPA)
Update: Regarding the countermeasures for vulnerability in BIND (CVE-2016-2776) (Japanese)
https://www.ipa.go.jp/security/ciadr/vul/20160929-bind.html
National Police Agency
Observation on spam attacks leveraging vulnerability (CVE-2016-2776) in BIND (PDF) (Japanese)
https://www.npa.go.jp/cyberpolice/detect/pdf/20161005.pdf
**********************************************************************
If you have any information regarding this alert, please contact
JPCERT/CC.
________
Revision History
2016-09-28 First edition
2016-10-05 Updated "I. Overview" and "III. References"
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top