PT-2016-1629 · Isc+9 · Isc Bind 9.10.X+10
Published 2015-07-29 · Updated 2024-06-15
CVE-2016-1286
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
ISC BIND 9.x before 9.9.8-P4
ISC BIND 9.10.x before 9.10.3-P4
Description
The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and daemon exit, via a crafted signature record for a DNAME record. This is related to errors in db.c and resolver.c. The vulnerability exists due to insufficient input validation, which can be exploited by a remote attacker to trigger the denial of service.
Recommendations
For ISC BIND 9.x before 9.9.8-P4, update to version 9.9.8-P4 or later to resolve the issue.
For ISC BIND 9.10.x before 9.10.3-P4, update to version 9.10.3-P4 or later to resolve the issue.
As a temporary workaround, consider restricting access to the named process to minimize the risk of exploitation.
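The two version ranges above can be checked mechanically. The following Python sketch is an added example, not part of the original advisory or of ISC's code; the function names and sample strings are constructed, and it assumes version strings in the style printed by `named -v`. Subscription (`-S`) builds are not mentioned in the advisory, so they are reported as unknown.

```python
import re

# Fixed releases from the advisory, as sort keys (major, minor, patch, stage, n).
# stage: a/b/rc pre-releases < 0, plain release = 0, "-P<n>" patch release = 1.
FIXED_9_10 = (9, 10, 3, 1, 4)  # 9.10.3-P4
FIXED_9_X = (9, 9, 8, 1, 4)    # 9.9.8-P4
STAGE = {"a": -3, "b": -2, "rc": -1}
VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)"   # 9.10.3
    r"(?:(a|b|rc)(\d+))?"    # optional pre-release, e.g. rc1
    r"(?:-P(\d+))?"          # optional patch level, e.g. -P4
    r"(-S\d+)?"              # subscription edition marker
)

def parse(text):
    """Return (sort_key, is_subscription_build), or None if no version is found."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    if m.group(4):
        stage, n = STAGE[m.group(4)], int(m.group(5))
    elif m.group(6):
        stage, n = 1, int(m.group(6))
    else:
        stage, n = 0, 0
    return (major, minor, patch, stage, n), m.group(7) is not None

def status(text):
    """Classify a version string against the two ranges listed in the advisory."""
    parsed = parse(text)
    if parsed is None:
        return "unknown"
    key, is_subscription = parsed
    if key[0] != 9 or is_subscription:
        return "unknown"  # outside what the advisory describes
    fixed = FIXED_9_10 if key[1] == 10 else FIXED_9_X
    return "affected" if key < fixed else "not affected"

# Constructed sample inputs (not taken from real hosts).
SAMPLES = [
    "BIND 9.9.8-P3 (Extended Support Version)",
    "BIND 9.10.3-P4",
    "BIND 9.10.3rc1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:45} {status(s)}")
```

Distribution packages often backport security fixes without changing the upstream version string, so a result of "affected" on a vendor build should be confirmed against the vendor's package changelog.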
Affected Products
Alt Linux
Bind Server
Centos
Freebsd
Ibm Aix
Isc Bind 9.10.X
Isc Bind 9.X
Junos
Red Hat
Suse
Ubuntu