Описание
An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
An assertion check flaw caused by a buffer boundary check condition was found in BIND. A remote attacker could trigger this flaw via a large response, during zone transfer. The highest threat from this vulnerability is to system availability.
Отчет
This flaw only affects bind-9.16.x, therefore versions of BIND shipped with Red Hat Products are not affected by this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | bind | Not affected | ||
| Red Hat Enterprise Linux 5 | bind97 | Not affected | ||
| Red Hat Enterprise Linux 6 | bind | Not affected | ||
| Red Hat Enterprise Linux 7 | bind | Not affected | ||
| Red Hat Enterprise Linux 8 | bind | Not affected |
Показывать по
Дополнительная информация
Статус:
4.9 Medium
CVSS3
Связанные уязвимости
An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer
An attacker who is permitted to send zone data to a server via zone tr ...
An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
4.9 Medium
CVSS3