PT-2016-5212 · Isc+5 · Isc Bind+5

Published

2016-07-19

Updated

2024-06-15

CVE-2016-2775

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ISC BIND versions 9.9.x before 9.9.9-P2 ISC BIND versions 9.10.x before 9.10.4-P2 ISC BIND versions 9.11.x before 9.11.0b2

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This occurs when lwresd or the named lwres option is enabled and an overly long request is sent using the lightweight resolver protocol.

Recommendations For ISC BIND versions 9.9.x before 9.9.9-P2, update to version 9.9.9-P2 or later. For ISC BIND versions 9.10.x before 9.10.4-P2, update to version 9.10.4-P2 or later. For ISC BIND versions 9.11.x before 9.11.0b2, update to version 9.11.0b2 or later. As a temporary workaround, consider disabling the lwres option or lwresd until a patch is available.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2017-1464

CVE-2016-2775

DLA-645-1

DSA-3680-1

MGASA-2016-0332

OPENSUSE-SU-2017_1063-1

OPENSUSE-SU-2024:10650-1

RHSA-2017:2533

SUSE-SU-2017:0998-1

SUSE-SU-2017:0999-1

SUSE-SU-2017:1000-1

SUSE-SU-2017_0998-1

SUSE-SU-2017_0999-1

SUSE-SU-2017_1000-1

USN-5747-1

Affected Products

Alt Linux

Bind Server

Ibm Aix

Isc Bind

Suse

Ubuntu

PT-2016-5212 · Isc+5 · Isc Bind+5

CVE-2016-2775

Weakness Enumeration

Related Identifiers

Affected Products

References · 110