PT-2014-8563 · Isc+9 · Isc Bind+9

Published

2014-12-09

Updated

2024-06-15

CVE-2014-8500

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ISC BIND versions 9.0.x through 9.8.x ISC BIND versions 9.9.0 through 9.9.6 ISC BIND versions 9.10.0 through 9.10.1

Description The issue allows remote attackers to cause a denial of service, resulting in memory consumption and named crash, via a large or infinite number of referrals due to the lack of limits on delegation chaining.

Recommendations For versions 9.0.x through 9.8.x, update to a version that limits delegation chaining to prevent denial of service attacks. For versions 9.9.0 through 9.9.6, update to a version that limits delegation chaining to prevent denial of service attacks. For versions 9.10.0 through 9.10.1, update to a version that limits delegation chaining to prevent denial of service attacks.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALT-PU-2015-1641

CESA-2014_1984

CVE-2014-8500

DLA-112-1

DSA-3094-1

HPSBUX03235

HPSBUX03400

MGASA-2014-0524

OPENSUSE-SU-2024:10467-1

RHSA-2014:1984

RHSA-2014:1985

RHSA-2014_1984

RHSA-2014_1985

RHSA-2016:0078

SUSE-SU-2015:0011-2

SUSE-SU-2015:0480-1

SUSE-SU-2015:1205-1

SUSE-SU-2015_0011-1

SUSE-SU-2015_0011-2

SUSE-SU-2015_0096-1

SUSE-SU-2015_0488-1

USN-2437-1

Affected Products

Alt Linux

Bind Server

Centos

Hp-Ux

Ibm Aix

Isc Bind

Junos

Red Hat

Suse

Ubuntu

PT-2014-8563 · Isc+9 · Isc Bind+9

CVE-2014-8500

Weakness Enumeration

Related Identifiers

Affected Products

References · 127