PT-2015-6934 · Isc+9 · Isc Bind 9.X+9

Elceef · Published 2015-07-28 · Updated 2024-06-15 · CVE-2015-5477

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

ISC BIND 9.x versions 9.9.7 through 9.9.7-P1
ISC BIND 9.x version 9.10.x through 9.10.2-P2

Description

The issue allows remote attackers to cause a denial of service via TKEY queries, resulting in a REQUIRE assertion failure and daemon exit. By sending specially crafted packets, a remote attacker could exploit this to cause the daemon to exit.

Recommendations

For ISC BIND 9.x versions 9.9.7 through 9.9.7-P1, update to version 9.9.7-P2 or later.
For ISC BIND 9.x version 9.10.x through 9.10.2-P2, update to version 9.10.2-P3 or later.
As a temporary workaround, consider restricting access to TKEY queries until a patch is available.

Exploit · Fix · DoS


Weakness Enumeration

Related Identifiers

ALT-PU-2015-1641
ALT-PU-2017-1055
BINDUDPDOS
CESA-2015_1513
CVE-2015-5477
DLA-285-1
DSA-3319-1
ELSA-2015-1513
HPSBUX03400
HPSBUX03410
HPSBUX03511
MGASA-2015-0298
OPENSUSE-SU-2015_1335-1
OPENSUSE-SU-2024:10467-1
RHSA-2015:1513
RHSA-2015:1514
RHSA-2015:1515
RHSA-2015_1513
RHSA-2015_1514
RHSA-2015_1515
RHSA-2016:0078
RHSA-2016:0079
SUSE-SU-2015:1304-1
SUSE-SU-2015:1305-1
SUSE-SU-2015:1316-1
SUSE-SU-2015_1304-1
SUSE-SU-2015_1305-1
SUSE-SU-2015_1316-1
SUSE-SU-2015_1322-1
SUSE-SU-2016_0227-1
USN-2693-1

Affected Products

Alt Linux
Bind Server
Centos
Hp-Ux
Ibm Aix
Isc Bind 9.X
Junos
Red Hat
Suse
Ubuntu