HIGH7.1
Уязвимость сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0HIGH 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:CReferences
Severity:
Closed issues (16)
MEDIUM5.0
Уязвимость сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PReferences
MEDIUM4.3
Уязвимость сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PReferences
HIGH7.8
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CReferences
- http://linux.oracle.com/errata/ELSA-2014-1244
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101500.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101603.html
- http://marc.info/?l=bugtraq&m=136804614120794&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0689.html
- http://rhn.redhat.com/errata/RHSA-2013-0690.html
- http://support.apple.com/kb/HT5880
- http://www.debian.org/security/2013/dsa-2656
- http://www.isc.org/software/bind/advisories/cve-2013-2266
- http://www.securityfocus.com/bid/58736
- http://www.ubuntu.com/usn/USN-1783-1
- https://kb.isc.org/article/AA-00871/
- https://kb.isc.org/article/AA-00879/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19579
- http://linux.oracle.com/errata/ELSA-2014-1244
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101500.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101603.html
- http://marc.info/?l=bugtraq&m=136804614120794&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0689.html
- http://rhn.redhat.com/errata/RHSA-2013-0690.html
- http://support.apple.com/kb/HT5880
- http://www.debian.org/security/2013/dsa-2656
- http://www.isc.org/software/bind/advisories/cve-2013-2266
- http://www.securityfocus.com/bid/58736
- http://www.ubuntu.com/usn/USN-1783-1
- https://kb.isc.org/article/AA-00871/
- https://kb.isc.org/article/AA-00879/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19579
HIGH7.8
resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CHIGH7.8
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CReferences
- http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
- http://linux.oracle.com/errata/ELSA-2014-1244
- http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html
- http://rhn.redhat.com/errata/RHSA-2013-1114.html
- http://rhn.redhat.com/errata/RHSA-2013-1115.html
- http://secunia.com/advisories/54134
- http://secunia.com/advisories/54185
- http://secunia.com/advisories/54207
- http://secunia.com/advisories/54211
- http://secunia.com/advisories/54323
- http://secunia.com/advisories/54432
- http://www.debian.org/security/2013/dsa-2728
- http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:202
- http://www.securityfocus.com/bid/61479
- http://www.securitytracker.com/id/1028838
- http://www.ubuntu.com/usn/USN-1910-1
- http://www.zerodayinitiative.com/advisories/ZDI-13-210/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86004
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396
- https://kb.isc.org/article/AA-01015
- https://kb.isc.org/article/AA-01016
- https://kc.mcafee.com/corporate/index?page=content&id=SB10052
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561
- https://support.apple.com/kb/HT6536
- http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
- http://linux.oracle.com/errata/ELSA-2014-1244
- http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html
- http://rhn.redhat.com/errata/RHSA-2013-1114.html
- http://rhn.redhat.com/errata/RHSA-2013-1115.html
- http://secunia.com/advisories/54134
- http://secunia.com/advisories/54185
- http://secunia.com/advisories/54207
- http://secunia.com/advisories/54211
- http://secunia.com/advisories/54323
- http://secunia.com/advisories/54432
- http://www.debian.org/security/2013/dsa-2728
- http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:202
- http://www.securityfocus.com/bid/61479
- http://www.securitytracker.com/id/1028838
- http://www.ubuntu.com/usn/USN-1910-1
- http://www.zerodayinitiative.com/advisories/ZDI-13-210/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86004
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396
- https://kb.isc.org/article/AA-01015
- https://kb.isc.org/article/AA-01016
- https://kc.mcafee.com/corporate/index?page=content&id=SB10052
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561
- https://support.apple.com/kb/HT6536
MEDIUM6.8
The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PReferences
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.518391
- https://kb.isc.org/article/AA-01062
- https://kb.isc.org/article/AA-01063
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.518391
- https://kb.isc.org/article/AA-01062
- https://kb.isc.org/article/AA-01063
HIGH7.8
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CReferences
- http://advisories.mageia.org/MGASA-2014-0524.html
- http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html
- http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00013.html
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html
- http://marc.info/?l=bugtraq&m=142180687100892&w=2
- http://marc.info/?l=bugtraq&m=144000632319155&w=2
- http://rhn.redhat.com/errata/RHSA-2016-0078.html
- http://secunia.com/advisories/62064
- http://secunia.com/advisories/62122
- http://security.gentoo.org/glsa/glsa-201502-03.xml
- http://securitytracker.com/id?1031311
- http://ubuntu.com/usn/usn-2437-1
- http://www.debian.org/security/2014/dsa-3094
- http://www.kb.cert.org/vuls/id/264212
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:165
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/71590
- https://kb.isc.org/article/AA-01216/
- https://security.netapp.com/advisory/ntap-20190730-0002/
- https://support.apple.com/HT205219
- http://advisories.mageia.org/MGASA-2014-0524.html
- http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html
- http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00013.html
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html
- http://marc.info/?l=bugtraq&m=142180687100892&w=2
- http://marc.info/?l=bugtraq&m=144000632319155&w=2
- http://rhn.redhat.com/errata/RHSA-2016-0078.html
- http://secunia.com/advisories/62064
- http://secunia.com/advisories/62122
- http://security.gentoo.org/glsa/glsa-201502-03.xml
- http://securitytracker.com/id?1031311
- http://ubuntu.com/usn/usn-2437-1
- http://www.debian.org/security/2014/dsa-3094
- http://www.kb.cert.org/vuls/id/264212
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:165
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/71590
- https://kb.isc.org/article/AA-01216/
- https://security.netapp.com/advisory/ntap-20190730-0002/
- https://support.apple.com/HT205219
MEDIUM5.4
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.
CVSS 2.0MEDIUM 5.4
CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:CReferences
- http://advisories.mageia.org/MGASA-2015-0082.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150904.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150905.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html
- http://marc.info/?l=bugtraq&m=143740940810833&w=2
- http://rhn.redhat.com/errata/RHSA-2015-0672.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:054
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:165
- http://www.ubuntu.com/usn/USN-2503-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1193820
- https://kb.isc.org/article/AA-01235
- https://kb.juniper.net/JSA10783
- https://kc.mcafee.com/corporate/index?page=content&id=SB10116
- https://security.gentoo.org/glsa/201510-01
- https://support.apple.com/HT205219
- http://advisories.mageia.org/MGASA-2015-0082.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150904.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150905.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html
- http://marc.info/?l=bugtraq&m=143740940810833&w=2
- http://rhn.redhat.com/errata/RHSA-2015-0672.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:054
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:165
- http://www.ubuntu.com/usn/USN-2503-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1193820
- https://kb.isc.org/article/AA-01235
- https://kb.juniper.net/JSA10783
- https://kc.mcafee.com/corporate/index?page=content&id=SB10116
- https://security.gentoo.org/glsa/201510-01
- https://support.apple.com/HT205219
HIGH7.8
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CReferences
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162040.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162286.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html
- http://marc.info/?l=bugtraq&m=143740940810833&w=2
- http://rhn.redhat.com/errata/RHSA-2015-1443.html
- http://rhn.redhat.com/errata/RHSA-2015-1471.html
- http://www.debian.org/security/2015/dsa-3304
- http://www.securityfocus.com/bid/75588
- http://www.securitytracker.com/id/1032799
- http://www.ubuntu.com/usn/USN-2669-1
- https://kb.isc.org/article/AA-01267
- https://kb.isc.org/article/AA-01305
- https://kb.isc.org/article/AA-01306
- https://kb.isc.org/article/AA-01307
- https://kb.isc.org/article/AA-01438
- https://kb.juniper.net/JSA10783
- https://kc.mcafee.com/corporate/index?page=content&id=SB10124
- https://security.gentoo.org/glsa/201510-01
- https://security.netapp.com/advisory/ntap-20190903-0003/
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162040.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162286.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html
- http://marc.info/?l=bugtraq&m=143740940810833&w=2
- http://rhn.redhat.com/errata/RHSA-2015-1443.html
- http://rhn.redhat.com/errata/RHSA-2015-1471.html
- http://www.debian.org/security/2015/dsa-3304
- http://www.securityfocus.com/bid/75588
- http://www.securitytracker.com/id/1032799
- http://www.ubuntu.com/usn/USN-2669-1
- https://kb.isc.org/article/AA-01267
- https://kb.isc.org/article/AA-01305
- https://kb.isc.org/article/AA-01306
- https://kb.isc.org/article/AA-01307
- https://kb.isc.org/article/AA-01438
- https://kb.juniper.net/JSA10783
- https://kc.mcafee.com/corporate/index?page=content&id=SB10124
- https://security.gentoo.org/glsa/201510-01
- https://security.netapp.com/advisory/ntap-20190903-0003/
HIGH7.8
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CReferences
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10718
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
- http://marc.info/?l=bugtraq&m=144000632319155&w=2
- http://marc.info/?l=bugtraq&m=144017354030745&w=2
- http://marc.info/?l=bugtraq&m=144181171013996&w=2
- http://marc.info/?l=bugtraq&m=144294073801304&w=2
- http://packetstormsecurity.com/files/132926/BIND-TKEY-Query-Denial-Of-Service.html
- http://rhn.redhat.com/errata/RHSA-2015-1513.html
- http://rhn.redhat.com/errata/RHSA-2015-1514.html
- http://rhn.redhat.com/errata/RHSA-2015-1515.html
- http://rhn.redhat.com/errata/RHSA-2016-0078.html
- http://rhn.redhat.com/errata/RHSA-2016-0079.html
- http://www.debian.org/security/2015/dsa-3319
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/76092
- http://www.securitytracker.com/id/1033100
- http://www.ubuntu.com/usn/USN-2693-1
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04789415
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918
- https://kb.isc.org/article/AA-01272
- https://kb.isc.org/article/AA-01305
- https://kb.isc.org/article/AA-01306
- https://kb.isc.org/article/AA-01307
- https://kb.isc.org/article/AA-01438
- https://kb.juniper.net/JSA10783
- https://kc.mcafee.com/corporate/index?page=content&id=SB10126
- https://security.gentoo.org/glsa/201510-01
- https://security.netapp.com/advisory/ntap-20160114-0001/
- https://support.apple.com/kb/HT205032
- https://www.exploit-db.com/exploits/37721/
- https://www.exploit-db.com/exploits/37723/
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10718
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
- http://marc.info/?l=bugtraq&m=144000632319155&w=2
- http://marc.info/?l=bugtraq&m=144017354030745&w=2
- http://marc.info/?l=bugtraq&m=144181171013996&w=2
- http://marc.info/?l=bugtraq&m=144294073801304&w=2
- http://packetstormsecurity.com/files/132926/BIND-TKEY-Query-Denial-Of-Service.html
- http://rhn.redhat.com/errata/RHSA-2015-1513.html
- http://rhn.redhat.com/errata/RHSA-2015-1514.html
- http://rhn.redhat.com/errata/RHSA-2015-1515.html
- http://rhn.redhat.com/errata/RHSA-2016-0078.html
- http://rhn.redhat.com/errata/RHSA-2016-0079.html
- http://www.debian.org/security/2015/dsa-3319
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/76092
- http://www.securitytracker.com/id/1033100
- http://www.ubuntu.com/usn/USN-2693-1
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04789415
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918
- https://kb.isc.org/article/AA-01272
- https://kb.isc.org/article/AA-01305
- https://kb.isc.org/article/AA-01306
- https://kb.isc.org/article/AA-01307
- https://kb.isc.org/article/AA-01438
- https://kb.juniper.net/JSA10783
- https://kc.mcafee.com/corporate/index?page=content&id=SB10126
- https://security.gentoo.org/glsa/201510-01
- https://security.netapp.com/advisory/ntap-20160114-0001/
- https://support.apple.com/kb/HT205032
- https://www.exploit-db.com/exploits/37721/
- https://www.exploit-db.com/exploits/37723/
MEDIUM5.0
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PReferences
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174520.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
- http://marc.info/?l=bugtraq&m=145680832702035&w=2
- http://packetstormsecurity.com/files/134882/FreeBSD-Security-Advisory-BIND-Denial-Of-Service.html
- http://rhn.redhat.com/errata/RHSA-2015-2655.html
- http://rhn.redhat.com/errata/RHSA-2015-2656.html
- http://rhn.redhat.com/errata/RHSA-2015-2658.html
- http://rhn.redhat.com/errata/RHSA-2016-0078.html
- http://rhn.redhat.com/errata/RHSA-2016-0079.html
- http://www.debian.org/security/2015/dsa-3420
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/79349
- http://www.securitytracker.com/id/1034418
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966
- http://www.ubuntu.com/usn/USN-2837-1
- https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105
- https://kb.isc.org/article/AA-01317
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174520.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
- http://marc.info/?l=bugtraq&m=145680832702035&w=2
- http://packetstormsecurity.com/files/134882/FreeBSD-Security-Advisory-BIND-Denial-Of-Service.html
- http://rhn.redhat.com/errata/RHSA-2015-2655.html
- http://rhn.redhat.com/errata/RHSA-2015-2656.html
- http://rhn.redhat.com/errata/RHSA-2015-2658.html
- http://rhn.redhat.com/errata/RHSA-2016-0078.html
- http://rhn.redhat.com/errata/RHSA-2016-0079.html
- http://www.debian.org/security/2015/dsa-3420
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/79349
- http://www.securitytracker.com/id/1034418
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966
- http://www.ubuntu.com/usn/USN-2837-1
- https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105
- https://kb.isc.org/article/AA-01317
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
HIGH7.1
Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.
CVSS 2.0HIGH 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:CReferences
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html
- http://www.securityfocus.com/bid/79347
- http://www.securitytracker.com/id/1034419
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966
- https://kb.isc.org/article/AA-01319
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html
- http://www.securityfocus.com/bid/79347
- http://www.securitytracker.com/id/1034419
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966
- https://kb.isc.org/article/AA-01319
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
MEDIUM6.8
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.8
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HReferences
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html
- http://marc.info/?l=bugtraq&m=146191105921542&w=2
- http://rhn.redhat.com/errata/RHSA-2016-0562.html
- http://rhn.redhat.com/errata/RHSA-2016-0601.html
- http://www.debian.org/security/2016/dsa-3511
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securitytracker.com/id/1035236
- http://www.ubuntu.com/usn/USN-2925-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821
- https://kb.isc.org/article/AA-01352
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc
- https://security.gentoo.org/glsa/201610-07
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html
- http://marc.info/?l=bugtraq&m=146191105921542&w=2
- http://rhn.redhat.com/errata/RHSA-2016-0562.html
- http://rhn.redhat.com/errata/RHSA-2016-0601.html
- http://www.debian.org/security/2016/dsa-3511
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securitytracker.com/id/1035236
- http://www.ubuntu.com/usn/USN-2925-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821
- https://kb.isc.org/article/AA-01352
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc
- https://security.gentoo.org/glsa/201610-07
HIGH8.6
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xHIGH 8.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HReferences
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html
- http://marc.info/?l=bugtraq&m=146191105921542&w=2
- http://rhn.redhat.com/errata/RHSA-2016-0562.html
- http://rhn.redhat.com/errata/RHSA-2016-0601.html
- http://www.debian.org/security/2016/dsa-3511
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securitytracker.com/id/1035237
- http://www.ubuntu.com/usn/USN-2925-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821
- https://kb.isc.org/article/AA-01353
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc
- https://security.gentoo.org/glsa/201610-07
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html
- http://marc.info/?l=bugtraq&m=146191105921542&w=2
- http://rhn.redhat.com/errata/RHSA-2016-0562.html
- http://rhn.redhat.com/errata/RHSA-2016-0601.html
- http://www.debian.org/security/2016/dsa-3511
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securitytracker.com/id/1035237
- http://www.ubuntu.com/usn/USN-2925-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821
- https://kb.isc.org/article/AA-01353
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc
- https://security.gentoo.org/glsa/201610-07
MEDIUM5.9
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
- http://rhn.redhat.com/errata/RHSA-2017-0276.html
- http://www.securityfocus.com/bid/96150
- http://www.securitytracker.com/id/1037801
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us
- https://kb.isc.org/docs/aa-01453
- https://security.gentoo.org/glsa/201708-01
- https://security.netapp.com/advisory/ntap-20180926-0005/
- https://www.debian.org/security/2017/dsa-3795
- http://rhn.redhat.com/errata/RHSA-2017-0276.html
- http://www.securityfocus.com/bid/96150
- http://www.securitytracker.com/id/1037801
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us
- https://kb.isc.org/docs/aa-01453
- https://security.gentoo.org/glsa/201708-01
- https://security.netapp.com/advisory/ntap-20180926-0005/
- https://www.debian.org/security/2017/dsa-3795