ISC Update: BIND 9 Resolver crashes after logging an error in query.c.
Versions of BIND, 9.4-ESV, 9.6-ESV, 9.7.x, 9.8.x
A remote server can cause the target connected client to crash. Organizations across the Internet are reporting crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crash after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))" Multiple versions are reported as being affected, including all currently supported release versions of ISC BIND 9. ISC is actively investigating the root cause and working to produce patches which avoid the crash.
An unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached.At this time we are making available a patch which makes named recover gracefully from the inconsistency, preventing the abnormal exit.
The patch has two components. When a client query is handled, the code which processes the response to the client has to ask the cache for the records for the name that is being queried. The first component of the patch prevents the cache from returning the inconsistent data. The second component prevents named from crashing if it detects that it has been given an inconsistent answer of this nature.
The vulnerability is caused due to an unspecified error when processing recursive queries.
Patches mitigating the issue are available at:
BIND 9.8.1-P1 is the current production release of BIND 9.8
BIND 9.7.4-P1 is the current production release version of BIND 9.7.
BIND 9.6-ESV-R5-P1 is the current Extended Support Version of BIND 9.6.
BIND 9.4-ESV-R5-P1 is the current Extended Support Version of BIND 9.4.