Redhat Bind 9 (rpm bind-9.2.1-1.7x.2) Security issue not fixed ?

Mark_Andrews at isc.org
Mon Dec 16 21:29:55 UTC 2002


> I saw the following hit in bind this morning which resulted in the
> shutting down of one of the nameservers.
> 
> This is a rather big concern as according to the package list from
> RedHat this is the latest update for 9.x available and was supposed to
> fix this vulnerability in BIND.

	Just because it is a REQUIRE failure doesn't mean that it
	is a known failure point.  You also have to match the
	filename and line number first.  Even then there may be
	multiple failures on different calling paths each of which
	can trigger the same REQUIRE.

	A REQUIRE failure just says named detected an internal
	inconsistency.  It doesn't say where the problem is.  Except
	for where the error is in the REQUIRE test itself the actual
	error is elsewhere in the nameserver.

	One problem can cause multiple REQUIREs.
	Different problems can cause the same REQUIRE.

	The same logic applies to the other internal consistency
	checks.

> I am posting here (and then post it in the redhat group) in the hopes
> that someone can tell me whether or not this is a new DOS or something
> possibly due to a misconfiguration on my part.

	Well it is a bug.  A stack backtrace sent to bind9-bugs at isc.org
	would be the next step.
 
> Here's the log:
> 
> Dec 16 04:04:54.845 general: critical: rdataset.c:297:
> REQUIRE((((rdataset) != ((void *)0)) && (((const isc__magic_t
> *)(rdataset))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 |
> ('R')))))) failed
> Dec 16 04:04:55.019 general: critical: exiting (due to assertion
> failure)
> 
> According to this errata, the issue I just saw was supposed to be
> fixed:
> 
> http://rhn.redhat.com/errata/RHSA-2002-105.html

	No.  That is a completely different REQUIRE failure.
 
> But it points out that this errata is outdated to fix a resolver
> library vulnerability located at
> 
> http://rhn.redhat.com/errata/RHSA-2002-133.html

	This has nothing to do with named from BIND 9.

	Mark

> So did the last fix possibly re-introduce this error?
> 
> Thanks!
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
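
Added example (not part of the original message and not ISC code): a Python triage helper that re-joins the wrapped log entries quoted above, extracts the file name, line number and assertion type that the reply says must be matched first, and decodes the magic tag from the failed expression. The function names and whatever advisory site is passed to `same_site` are assumptions for illustration; the sample input is constructed from the quoted log, and the assertion kinds other than REQUIRE are the other libisc assertion macros.

```python
import re

# Constructed sample: the two log entries quoted above, with the e-mail
# line wrapping and "> " quoting left in place.
SAMPLE = """\
> Dec 16 04:04:54.845 general: critical: rdataset.c:297:
> REQUIRE((((rdataset) != ((void *)0)) && (((const isc__magic_t
> *)(rdataset))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 |
> ('R')))))) failed
> Dec 16 04:04:55.019 general: critical: exiting (due to assertion
> failure)
"""

ENTRY_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d\.\d+ ")
FAILURE = re.compile(
    r"(?P<file>[\w./-]+\.c):(?P<line>\d+): "
    r"(?P<kind>REQUIRE|ENSURE|INSIST|INVARIANT)\((?P<expr>.*)\) failed$")
MAGIC = re.compile(r"\('(.)'\) << 24 \| \('(.)'\) << 16 \| \('(.)'\) << 8 \|\s*\('(.)'\)")

def join_entries(text):
    """Strip quote markers and re-join wrapped lines into one string per entry."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^(> ?)+", "", raw).strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)      # a timestamp starts a new log entry
        else:
            entries[-1] += " " + line  # continuation of a wrapped entry
    return entries

def assertion_failures(text):
    """Return one dict per assertion failure: site, kind, and magic tag if any."""
    found = []
    for entry in join_entries(text):
        m = FAILURE.search(entry)
        if not m:
            continue
        tag = MAGIC.search(m["expr"])
        found.append({"site": (m["file"], int(m["line"])), "kind": m["kind"],
                      "magic": "".join(tag.groups()) if tag else None})
    return found

def same_site(failure, advisory_site):
    """A (file, line) match is necessary before treating two failures as the
    same known issue; per the reply above it is still not sufficient."""
    return failure["site"] == advisory_site
```

For the quoted log, `assertion_failures(SAMPLE)` yields a single REQUIRE at `rdataset.c` line 297 whose magic tag is `DNSR`; the second entry is only the exit notice and is skipped.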

