PT-2016-5213 · Isc+8 · Isc Bind 9+8
Alejandro Parodi +2
Published: 2015-07-28 · Updated: 2025-12-18
CVE-2016-2776
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
ISC BIND 9 versions 9.9.9 before 9.9.9-P3
ISC BIND 9 versions 9.10.x before 9.10.4-P3
ISC BIND 9 versions 9.11.x before 9.11.0rc3
Description
The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and daemon exit, by sending a crafted query. This can also be triggered by sending an overly long request when lwresd or the named lwres option is enabled, causing the daemon to crash.
Recommendations
For ISC BIND 9 versions 9.9.9 before 9.9.9-P3, update to version 9.9.9-P3 or later.
For ISC BIND 9 versions 9.10.x before 9.10.4-P3, update to version 9.10.4-P3 or later.
For ISC BIND 9 versions 9.11.x before 9.11.0rc3, update to version 9.11.0rc3 or later.
As a temporary workaround, consider disabling the lwresd option or the named lwres option to minimize the risk of exploitation.
Exploit
Fix
DoS
RCE
Affected products
Alt Linux
Bind Server
Centos
Freebsd
Ibm Aix
Isc Bind 9
Red Hat
Suse
Ubuntu