Description

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

References

• BID-94067
• DEBIAN-DLA-696-1
• DEBIAN-DSA-3703
• FREEBSD-FreeBSD-SA-16:34
• GENTOO-GLSA-201701-26
• NVD-CVE-2016-8864
• REDHAT-RHSA-2016:2141
• REDHAT-RHSA-2016:2142
• REDHAT-RHSA-2016:2615
• REDHAT-RHSA-2016:2871
• REDHAT-RHSA-2017:1583
• SECTRACK-1037156
• UBUNTU-USN-3119-1

Solution

Related Vulnerabilities

• Amazon Linux AMI: CVE-2016-8864: Security patch for bind (ALAS-2016-768)
• Juniper Junos OS: 2017-04 Security Bulletin: SRX, vSRX and J-Series: Multiple vulnerabilities in ISC BIND named. (JSA10785) (multiple CVEs)
• SUSE: CVE-2016-8864: SUSE Linux Security Advisory
• CentOS: (CVE-2016-8864) (Multiple Advisories): bind97
• Oracle Solaris 11: CVE-2016-8864: Vulnerability in Bind
• Debian: CVE-2016-8864: bind9 -- security update
• Huawei EulerOS: CVE-2016-8864: bind security update
• F5 Networks: K35322517 (CVE-2016-8864): BIND vulnerability CVE-2016-8864
• Alpine Linux: CVE-2016-8864: bind A problem handling responses containing a DNAME answer can lead to an assertion failure
• Gentoo Linux: CVE-2016-8864: BIND: Denial of Service
• IBM AIX: bind_advisory14 (CVE-2016-8864): Denial of service vulnerability in ISC BIND
• Ubuntu: USN-3119-1 (CVE-2016-8864): Bind vulnerability
• Oracle Linux: (CVE-2016-8864) (Multiple Advisories): bind security update
• ISC BIND: A problem handling responses containing a DNAME answer can lead to an assertion failure (CVE-2016-8864)
• FreeBSD: VID-0B8D01A4-A0D2-11E6-9CA2-D050996490D0 (CVE-2016-8864): BIND -- Remote Denial of Service vulnerability