CVE-2016-6170

Опубликовано: 06 июл. 2016

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Средний

Описание

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.

Ссылки

http://www.openwall.com/lists/oss-security/2016/07/06/3
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/91611
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036241
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1353563
Issue Tracking
Patch
Third Party Advisory
https://github.com/sischkg/xfer-limit/blob/master/README.md
Exploit
Patch
Third Party Advisory
https://kb.isc.org/article/AA-01390
Vendor Advisory
https://kb.isc.org/article/AA-01390/169/CVE-2016-6170
Vendor Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html
Mailing List
Third Party Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html
Mailing List
Third Party Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201610-07
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/07/06/3
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/91611
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036241
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1353563
Issue Tracking
Patch
Third Party Advisory
https://github.com/sischkg/xfer-limit/blob/master/README.md
Exploit
Patch
Third Party Advisory
https://kb.isc.org/article/AA-01390
Vendor Advisory
https://kb.isc.org/article/AA-01390/169/CVE-2016-6170
Vendor Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html
Mailing List
Third Party Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*

Версия от 9.0 (включая) до 9.9.8 (включая)

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*

Версия от 9.10.0 (включая) до 9.10.3 (включая)

cpe:2.3:a:isc:bind:9.9.9:-:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.9:beta1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.9:beta2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.4:-:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:a1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:a2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:a3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:b1:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.1302

Средний

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2016-6170

CVSS3: 6.5

ubuntu

больше 9 лет назад

CVE-2016-6170

CVSS3: 6.5

redhat

больше 9 лет назад

CVE-2016-6170

CVSS3: 6.5

debian

больше 9 лет назад

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x throug ...

GHSA-r98f-r8h7-rj5p

CVSS3: 6.5

github

больше 3 лет назад

openSUSE-SU-2017:1063-1

suse-cvrf

почти 9 лет назад

Security update for bind

EPSS

Процентиль: 94%

0.1302

Средний

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20