Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-6170

Опубликовано: 04 июл. 2016
Источник: redhat
CVSS3: 6.5
CVSS2: 4

Описание

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.

It was found that bind does not implement reasonable restrictions for zone sizes. This allows an explicitly configured primary DNS server for a zone to crash a secondary DNS server, affecting service of other zones hosted on the same secondary server.

Отчет

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Меры по смягчению последствий

This issue can be mitigated by disallowing zone transfers and dynamic updates from potentially malicious sources. For more information, see the "Workarounds" section on https://kb.isc.org/article/AA-01390 page.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5bindWill not fix
Red Hat Enterprise Linux 5bind97Will not fix
Red Hat Enterprise Linux 6bindWill not fix
Red Hat Enterprise Linux 7bindWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1353563bind: Improper restriction of zone size limit

6.5 Medium

CVSS3

4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-6170

CVSS3: 6.5
ubuntu
больше 9 лет назад

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.

nvd логотип

CVE-2016-6170

CVSS3: 6.5
nvd
больше 9 лет назад

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.

debian логотип

CVE-2016-6170

CVSS3: 6.5
debian
больше 9 лет назад

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x throug ...

github логотип

GHSA-r98f-r8h7-rj5p

CVSS3: 6.5
github
больше 3 лет назад

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.

suse-cvrf логотип

openSUSE-SU-2017:1063-1

suse-cvrf
почти 9 лет назад

Security update for bind

6.5 Medium

CVSS3

4 Medium

CVSS2