Описание
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | bind | Will not fix | ||
| Red Hat Enterprise Linux 5 | bind | Fixed | RHSA-2016:1944 | 28.09.2016 |
| Red Hat Enterprise Linux 5 | bind97 | Fixed | RHSA-2016:1945 | 28.09.2016 |
| Red Hat Enterprise Linux 6 | bind | Fixed | RHSA-2016:1944 | 28.09.2016 |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | bind | Fixed | RHSA-2016:2099 | 25.10.2016 |
| Red Hat Enterprise Linux 6.4 Advanced Update Support | bind | Fixed | RHSA-2016:2099 | 25.10.2016 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | bind | Fixed | RHSA-2016:2099 | 25.10.2016 |
| Red Hat Enterprise Linux 6.5 Telco Extended Update Support | bind | Fixed | RHSA-2016:2099 | 25.10.2016 |
| Red Hat Enterprise Linux 6.6 Extended Update Support | bind | Fixed | RHSA-2016:2099 | 25.10.2016 |
| Red Hat Enterprise Linux 6.7 Extended Update Support | bind | Fixed | RHSA-2016:2099 | 25.10.2016 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
5 Medium
CVSS2
Связанные уязвимости
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4- ...
7.5 High
CVSS3
5 Medium
CVSS2