Bug/Vulnerability in `Dig' in latest dnsutils/bind9

Joshua Rogers megamansec at gmail.com
Tue Oct 28 11:31:52 UTC 2014 

Thanks.
Also, this may be relevant:
> Fails an assertion on NetBSD, maybe this provides further insight:
> $ uname -a
> NetBSD alix.localdomain 6.1_STABLE NetBSD 6.1_STABLE (ALIXKERN) #0: Sat Oct 11 16:21:44 CEST 2014  fisted at alix.localdomain:/usr/src/sys/arch/i386/compile/ALIXKERN i386
> $ dig -v
> DiG 9.9.2-P1
> $ dig +time=3 +nssearch +tcp internot.info
> /usr/src/external/bsd/bind/dist/lib/isc/unix/socket.c:2566: REQUIRE(socketp != ((void *)0) && *socketp == ((void *)0)) failed, back trace
> [...] (backtrace w/o debug symbols)
> Abort trap
> $
>
> Does NOT fail on a more ancient dig on 32-bit Lunix
> $ dig -v
> DiG 9.7.3
> $ uname -a
> Linux kurscheid.mxxxxxxxxxxxn.de 3.10.42.wap #1 SMP Wed Jun 11 13:32:24 CEST 2014 i686 GNU/Linux
> $ dig +time=3 +nssearch +tcp internot.info
> ;; Connection to 173.245.58.104#53(coco.ns.cloudflare.com) for internot.info failed: connection refused.
> ;; Connection to 173.245.59.149#53(will.ns.cloudflare.com) for internot.info failed: connection refused.
> $

> The above system (alix) has a working IPv6 connection. (kurscheid does not, however, the nameserver kurscheid asks does, FWIW)
From my friend.

So, the lack of ipv6 is not the problem, it is in Bind.

Thanks


On 28/10/14 19:51, Mukund Sivaraman wrote:
> Hi Joshua
>
> On Tue, Oct 28, 2014 at 07:30:45PM +1100, Joshua Rogers wrote:
>> Using the +nssearch and +tcp flags together, when looking at a domain
>> with an ipv6 address, Dig crashes with a segmentation fault.
> Thank you for this bug report. I've forwarded it to our bug tracker.
>
> If you want to report bugs to the developers, you can mail
> <bind9-bugs at isc.org> which will automatically create a ticket in our bug
> tracker.
>
> 		Mukund


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20141028/74206433/attachment.bin>

More information about the bind-users mailing list