Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-1349

Опубликовано: 20 фев. 2015
Источник: redhat
CVSS2: 2.6
EPSS Средний

Описание

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon (named) to crash under certain conditions.

Отчет

Red Hat Enterprise Linux 5 ships with both bind (9.3) packages which are not affected by this issue, and bind97 packages, which are affected by this issue. Red Hat Enterprise Linux 5 is now in Production Phase 3 of the support and maintenance life cycle. This issue is not currently planned to be addressed in future bind97 updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5bindNot affected
Red Hat Enterprise Linux 5bind97Will not fix
Red Hat Enterprise Linux 6bindFixedRHSA-2015:067211.03.2015
Red Hat Enterprise Linux 7bindFixedRHSA-2015:067211.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-391
https://bugzilla.redhat.com/show_bug.cgi?id=1193820bind: issue in trust anchor management can cause named to crash

EPSS

Процентиль: 96%
0.27043
Средний

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-1349

ubuntu
больше 10 лет назад

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

nvd логотип

CVE-2015-1349

nvd
больше 10 лет назад

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

debian логотип

CVE-2015-1349

debian
больше 10 лет назад

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x befor ...

github логотип

GHSA-q3mx-v284-x6qr

github
больше 3 лет назад

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

oracle-oval логотип

ELSA-2015-0672

oracle-oval
больше 10 лет назад

ELSA-2015-0672: bind security update (MODERATE)

EPSS

Процентиль: 96%
0.27043
Средний

2.6 Low

CVSS2