PT-2015-2871 · Isc+2 · Isc Bind 9.9.8+3

Publicado

2015-07-29

Atualizado

2024-06-15

CVE-2015-8461

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ISC BIND 9.9.8 versions 9.9.8 through 9.9.8-P1 ISC BIND 9.10.3 versions 9.10.3 through 9.10.3-P1

Description The issue is related to a race condition in the resolver.c component of the named service in ISC BIND 9. This condition arises due to insufficient checking of the state of a shared resource. As a result, remote attackers can exploit this issue to cause a denial of service, leading to an INSIST assertion failure and the exit of the daemon.

Recommendations For ISC BIND 9.9.8 versions 9.9.8 through 9.9.8-P1, update to version 9.9.8-P2 or later. For ISC BIND 9.10.3 versions 9.10.3 through 9.10.3-P1, update to version 9.10.3-P2 or later.

Exploit

Correção

DoS

Time Of Check To Time Of Use

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-367CWE-362

Identificadores relacionados

ALT-PU-2015-1641

ALT-PU-2017-1027

BDU:2015-12237

CVE-2015-8461

OPENSUSE-SU-2024:10650-1

Produtos afetados

Alt Linux

Bind Server

Isc Bind 9.10.3

Isc Bind 9.9.8

PT-2015-2871 · Isc+2 · Isc Bind 9.9.8+3

CVE-2015-8461

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 60