Описание
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | bind | Will not fix | ||
| Red Hat Enterprise Linux 5 | bind | Fixed | RHSA-2015:2656 | 16.12.2015 |
| Red Hat Enterprise Linux 5 | bind97 | Fixed | RHSA-2015:2658 | 16.12.2015 |
| Red Hat Enterprise Linux 6 | bind | Fixed | RHSA-2015:2655 | 16.12.2015 |
| Red Hat Enterprise Linux 6.4 Advanced Update Support | bind | Fixed | RHSA-2016:0078 | 28.01.2016 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | bind | Fixed | RHSA-2016:0078 | 28.01.2016 |
| Red Hat Enterprise Linux 6.6 Extended Update Support | bind | Fixed | RHSA-2016:0079 | 28.01.2016 |
| Red Hat Enterprise Linux 7 | bind | Fixed | RHSA-2015:2655 | 16.12.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3 ...
EPSS
4.3 Medium
CVSS2