PT-2015-7699 · Isc+8 · Isc Bind 9.X+8

Published

2015-07-29

·

Updated

2024-06-15

·

CVE-2015-8000

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions ISC BIND 9.x versions 9.9.8-P2 and earlier ISC BIND 9.x versions 9.10.x through 9.10.3-P1
Description The issue is related to a denial of service caused by an error in db.c when parsing incoming responses. A remote attacker could exploit this to trigger a REQUIRE assertion failure and cause a denial of service.
Recommendations For ISC BIND 9.x versions 9.9.8-P2 and earlier, update to version 9.9.8-P2 or later. For ISC BIND 9.x versions 9.10.x through 9.10.3-P1, update to version 9.10.3-P2 or later.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2015-1641
ALT-PU-2017-1027
CESA-2015_2655
CVE-2015-8000
DLA-370-1
DSA-3420-1
HPSBUX03552
MGASA-2015-0481
OPENSUSE-SU-2015_2364-1
OPENSUSE-SU-2015_2365-1
OPENSUSE-SU-2024:10467-1
RHSA-2015:2655
RHSA-2015:2656
RHSA-2015:2658
RHSA-2015_2655
RHSA-2015_2656
RHSA-2015_2658
RHSA-2016:0078
RHSA-2016:0079
SUSE-SU-2015:2340-1
SUSE-SU-2015:2341-1
SUSE-SU-2015:2359-1
SUSE-SU-2015_2340-1
SUSE-SU-2015_2341-1
SUSE-SU-2015_2359-1
USN-2837-1

Affected Products

Alt Linux
Bind Server
Centos
Hp-Ux
Ibm Aix
Isc Bind 9.X
Red Hat
Suse
Ubuntu