Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 573
    • Issues 573
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 108
    • Merge requests 108
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source ProjectsISC Open Source Projects
  • BINDBIND
  • Issues
  • #1238
Closed
Open
Issue created Sep 20, 2019 by bobopu@bobopu

[CVE-2019-6476] critical: resolver.c:4917: INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed

Summary

general: critical: resolver.c:4917: INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed
general: critical: exiting (due to assertion failure)

BIND version used

BIND 9.14.6 (Stable Release) <id:efd3496>
running on Linux x86_64 4.14.47-64.38.amzn2.x86_64 #1 SMP Mon Jun 18 22:33:07 UTC 2018
built by make with '--prefix=/data/named' '--enable-threads' '--enable-epoll' '--enable-fetchlimi' '--disable-openssl-version-check' '--with-dlz-filesystem' '--with-tuning=large' '--disable-crypto-rand'
compiled by GCC 7.3.1 20180303 (Red Hat 7.3.1-5)
compiled with OpenSSL version: OpenSSL 1.0.2k  26 Jan 2017
linked to OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017
compiled with zlib version: 1.2.7
linked to zlib version: 1.2.7
threads support is enabled

default paths:
  named configuration:  /data/named/etc/named.conf
  rndc configuration:   /data/named/etc/rndc.conf
  DNSSEC root key:      /data/named/etc/bind.keys
  nsupdate session key: /data/named/var/run/named/session.key
  named PID file:       /data/named/var/run/named/named.pid
  named lock file:      /data/named/var/run/named/named.lock

Steps to reproduce

queries: info: client @0x7f18ed2eeec0 140.206.63.106#26724 (121.52.95.211.in-addr.arpa): view cnc-nanfang: query: 121.52.95.211.in-addr.arpa IN PTR + (172.16.2.66)

What is the current bug behavior?

When a PTR request occurs, bind exiting

Relevant configuration files

Too long...

Relevant logs and/or screenshots

queries: info: client @0x7f18ed2eeec0 140.206.63.106#26724 (121.52.95.211.in-addr.arpa): view cnc-nanfang: query: 121.52.95.211.in-addr.arpa IN PTR + (172.16.2.66)
general: critical: resolver.c:4917: INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed
general: critical: exiting (due to assertion failure)

Incident tracking page

https://wiki.isc.org/bin/view/Main/SecurityIncidentChecklist20196476QminAndForwarders

Edited Sep 25, 2019 by Michał Kępień
Assignee
Assign to
Time tracking