PT-2016-1629 · Isc+9 · Isc Bind 9.10.X+10

Published: 2015-07-29 · Updated: 2024-06-15 · CVE-2016-1286

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ISC BIND 9.x before 9.9.8-P4
ISC BIND 9.10.x before 9.10.3-P4

Description

A remote attacker can cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record. The issue is related to errors in db.c and resolver.c and stems from insufficient input validation.

Recommendations

For ISC BIND 9.x before 9.9.8-P4, update to version 9.9.8-P4 or later. For ISC BIND 9.10.x before 9.10.3-P4, update to version 9.10.3-P4 or later. As a temporary workaround, consider restricting access to the named process to minimize the risk of exploitation.

Weakness Enumeration

Related Identifiers

ALT-PU-2015-1641
ALT-PU-2017-1027
BDU:2016-00941
CESA-2016_0459
CVE-2016-1286
DSA-3511-1
MGASA-2016-0107
OPENSUSE-SU-2016_0827-1
OPENSUSE-SU-2016_0834-1
OPENSUSE-SU-2016_0859-1
OPENSUSE-SU-2024:10467-1
RHSA-2016:0458
RHSA-2016:0459
RHSA-2016:0562
RHSA-2016:0601
RHSA-2016_0458
RHSA-2016_0459
SUSE-SU-2016:0759-1
SUSE-SU-2016:0780-1
SUSE-SU-2016:0825-1
SUSE-SU-2016:1541-1
USN-2925-1

Affected Products

ALT Linux
BIND Server
CentOS
FreeBSD
IBM AIX
ISC BIND 9.10.x
ISC BIND 9.x
Junos
Red Hat
SUSE
Ubuntu