Knowledge Base ISC Main Website Ask a Question/Contact ISC
Operational Notification -- Segmentation Fault in resolver.c Affects BIND 9.6-ESV-R6, 9.7.5, 9.8.2, & 9.9.0
Author: Michael McNally Reference Number: AA-00664 Views: 32318 Created: 2012-04-26 16:40 Last Updated: 2012-06-08 12:03 0 Rating/ Voters

Title: Operational Notification -- Segmentation Fault in resolver.c Affects BIND 9.6-ESV-R6, 9.7.5, 9.8.2, & 9.9.0

Summary:

ISC has discovered a race condition in the resolver code that can cause a recursive nameserver running BIND 9.6-ESV-R6, 9.7.5, 9.8.2, or 9.9.0 to crash with a segmentation fault. Authoritative-only servers are not affected, but recursive-only or recursive-authoritative hybrid servers are at risk of crashing because of this bug.

Posting date: 30 April 2012, updated solution on May 24th

Program Impacted: BIND

Versions affected: 9.6-ESV-R6, 9.7.5, 9.8.2, 9.9.0.

Description:

ISC is issuing an operational notification for users running ISC BIND 9.6-ESV-R6, 9.7.5, 9.8.2 or 9.9.0.

A race condition has been discovered in resolver.c that can result in a recursive nameserver running one of these versions to crash with a segmentation fault.

This defect is not considered a security issue, as no known method for deliberately triggering it exists. It depends on a matter of random timing between multiple threads executing the resolver code. However, the nature of the bug is such that the probability of encountering the crash condition eventually increases in proportion to the number of queries being resolved as well as the number of queries being resolved simultaneously. Consequently, busy recursing nameservers and nameservers with more threads processing simultaneously are at higher risk of encountering this bug.

This defect was introduced accidentally in change #3241 which appeared for the first time in the specified release versions. Prior release versions (9.6-ESV-R5-P1, 9.7.4-P1, and 9.8.1-P1 and any earlier versions) are not affected by this bug.

ISC is preparing replacement release versions with a delivery target of mid-May 2012 and a source code patch is currently available in the ISC Knowledge Base article: https://kb.isc.org/article/AA-00664

Solution:

Authoritative-only servers do not need to address this issue.

Upgrade to one of these releases published on May 21: 9.6-ESV-R7, 9.7.6, 9.8.3, or 9.9.1

If you have already upgraded a recursive server to one of the affected versions, you have the option of reverting to a prior release version, waiting for the May release of superseding packages including the fix, or applying the source code patch from ISC and rebuilding BIND.

The source code patch can be found as an attachment to the ISC Knowledge Base article https://kb.isc.org/article/AA-00664

- Do you have Questions? Questions regarding this advisory should go to support@isc.org.

Additional information on our Operational Notifications is here: https://www.isc.org/software/notifications, and Phased Disclosure Process is here: https://www.isc.org/security-vulnerability-disclosure-policy

This operational notification is a copy of the official document located on our website.

Legal Disclaimer:

Internet Systems Consortium (ISC) is providing this notice on an "AS IS" basis. No warranty or guarantee of any kind is expressed in this notice and none should be inferred. ISC expressly excludes and disclaims any warranties regarding this notice or materials referred to in this notice, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, absence of hidden defects, or of non-infringement. Your use of, or reliance on, this notice or materials referred to in this notice is at your own risk. ISC may change this notice at any time.

© 2001-2014 Internet Systems Consortium

Attachments
RT27995.txt 986 b Download File
Feedback
  • Please help us to improve the content of our knowledge base by letting us know how we can improve this article or by submitting suggestions for other articles you'd like to see created. Information on how to obtain further help on our products or services can be found on our main website.' If you have a technical question or problem on which you'd like help, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.
Info Submit Feedback on this Article
Nickname: Your Email: Subject: Comment:
Enter the code below:
Quick Jump Menu