PT-2016-5212 · Isc+5 · Isc Bind+5

Publicado

2016-07-19

Atualizado

2024-06-15

CVE-2016-2775

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ISC BIND versions 9.9.x before 9.9.9-P2 ISC BIND versions 9.10.x before 9.10.4-P2 ISC BIND versions 9.11.x before 9.11.0b2

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This occurs when lwresd or the named lwres option is enabled and an overly long request is sent using the lightweight resolver protocol.

Recommendations For ISC BIND versions 9.9.x before 9.9.9-P2, update to version 9.9.9-P2 or later. For ISC BIND versions 9.10.x before 9.10.4-P2, update to version 9.10.4-P2 or later. For ISC BIND versions 9.11.x before 9.11.0b2, update to version 9.11.0b2 or later. As a temporary workaround, consider disabling the lwres option or lwresd until a patch is available.

Exploit

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2017-1464

CVE-2016-2775

DLA-645-1

DSA-3680-1

MGASA-2016-0332

OPENSUSE-SU-2017_1063-1

OPENSUSE-SU-2024:10650-1

RHSA-2017:2533

SUSE-SU-2017:0998-1

SUSE-SU-2017:0999-1

SUSE-SU-2017:1000-1

SUSE-SU-2017_0998-1

SUSE-SU-2017_0999-1

SUSE-SU-2017_1000-1

USN-5747-1

Produtos afetados

Alt Linux

Bind Server

Ibm Aix

Isc Bind

Suse

Ubuntu

PT-2016-5212 · Isc+5 · Isc Bind+5

CVE-2016-2775

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 110