Vulnerability CVE-2016-1286


Published: 2016-03-09

Description:
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

Type: CWE-20 (Improper Input Validation)

Vendor: ISC
Product: BIND 
Version:
9.9.8
9.9.7
9.9.6
9.9.5
9.9.4
9.9.3
9.9.2
9.9.1
9.9.0
9.8.6
9.8.5
9.8.4
9.8.3
9.8.2
9.8.1
9.8.0
9.7.7
9.7.6
9.7.5
9.7.4
9.7.3
9.7.2
9.7.1
9.7.0
9.6.3
9.6.2
9.6.1
9.6.0
9.6
9.5.3
9.5.2
9.5.1
9.5.0
9.5
9.4.3
9.4.2
9.4.1
9.4.0
9.4
9.3.6
9.3.5
9.3.4
9.3.3
9.3.2
9.3.1
9.3.0
9.3
9.2.9
9.2.8
9.2.7
9.2.6
9.2.5
9.2.4
9.2.3
9.2.2
9.2.1
9.2.0
9.2
9.10.3
9.10.2
9.10.1
9.10.0
9.1.3
9.1.2
9.1.1
9.1.0
9.1
9.0.1
9.0.0
9.0
Vendor: Novell
Product: Suse openstack cloud 
Version: 5;
Product: Suse manager proxy 
Version: 2.1;
Product: Suse manager 
Version: 2.1;

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

 References:
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html
http://marc.info/?l=bugtraq&m=146191105921542&w=2
http://rhn.redhat.com/errata/RHSA-2016-0562.html
http://rhn.redhat.com/errata/RHSA-2016-0601.html
http://www.debian.org/security/2016/dsa-3511
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securitytracker.com/id/1035237
http://www.ubuntu.com/usn/USN-2925-1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821
https://kb.isc.org/article/AA-01353
https://kb.isc.org/article/AA-01380
https://kb.isc.org/article/AA-01438
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc
https://security.gentoo.org/glsa/201610-07

Related CVE
CVE-2016-9597
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression C...
CVE-2017-9277
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
CVE-2017-9267
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
CVE-2017-14491
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVE-2017-14496
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
CVE-2017-14493
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
CVE-2017-14494
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
CVE-2017-13704
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platf...

Copyright 2019, cxsecurity.com

 
