Operational Notification -- Segmentation Fault in resolver.c Affects BIND 9.6-ESV-R6, 9.7.5, 9.8.2, & 9.9.0
Michael McNally
mcnally at isc.org
Mon Apr 30 19:26:56 UTC 2012
Summary:
ISC has discovered a race condition in the resolver code that
can cause a recursive nameserver running BIND 9.6-ESV-R6, 9.7.5,
9.8.2, or 9.9.0 to crash with a segmentation fault. Authoritative-only
servers are not affected, but recursive-only or recursive-authoritative
hybrid servers are at risk of crashing because of this bug.
Posting date: 30 April 2012
Program Impacted: BIND
Versions affected: 9.6-ESV-R6, 9.7.5, 9.8.2, 9.9.0.
Description:

ISC is issuing an operational notification for users running ISC
BIND 9.6-ESV-R6, 9.7.5, 9.8.2 or 9.9.0.

A race condition has been discovered in resolver.c that can
cause a recursive nameserver running one of these versions
to crash with a segmentation fault.

This defect is not considered a security issue, as no known
method for deliberately triggering it exists. It depends on a
matter of random timing between multiple threads executing the
resolver code. However, the nature of the bug is such that the
probability of encountering the crash condition eventually
increases in proportion to the number of queries being resolved
as well as the number of queries being resolved simultaneously.
Consequently, busy recursing nameservers and nameservers with
more threads processing simultaneously are at higher risk of
encountering this bug.

This defect was introduced accidentally in change #3241, which
appeared for the first time in the specified release versions.
Prior release versions (9.6-ESV-R5-P1, 9.7.4-P1, and 9.8.1-P1
and any earlier versions) are not affected by this bug.

ISC is preparing replacement release versions with a delivery
target of mid-May 2012, and a source code patch is currently
available in the ISC Knowledge Base article:
https://kb.isc.org/article/AA-00664
Solution:

Authoritative-only servers do not need to address this issue.

If you have not upgraded yet to the affected versions, postpone
updating until they are replaced by 9.6-ESV-R7, 9.7.6, 9.8.3,
or 9.9.1, which are to be released in mid-May 2012 and which
will include a fix for this issue along with several minor bug
fixes.

If you have already upgraded a recursive server to one of the
affected versions, you have the option of reverting to a prior
release version, waiting for the May release of superseding
packages including the fix, or applying the source code patch
from ISC and rebuilding BIND.

The source code patch can be found as an attachment to the ISC
Knowledge Base article https://kb.isc.org/article/AA-00664
- Do you have questions? Questions regarding this advisory should
go to support at isc.org.
- Additional information on our Operational Notifications is here:
https://www.isc.org/software/notifications, and our Phased Disclosure
Process is here: https://www.isc.org/security-vulnerability-disclosure-policy
Legal Disclaimer:
Internet Systems Consortium (ISC) is providing this notice on
an "AS IS" basis. No warranty or guarantee of any kind is expressed
in this notice and none should be inferred. ISC expressly excludes
and disclaims any warranties regarding this notice or materials
referred to in this notice, including, without limitation, any
implied warranty of merchantability, fitness for a particular
purpose, absence of hidden defects, or of non-infringement. Your
use of, or reliance on, this notice or materials referred to in
this notice is at your own risk. ISC may change this notice at
any time.