SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1033100
SecurityTracker URL:  http://securitytracker.com/id/1033100
CVE Reference:   CVE-2015-5477   (Links to External Site)
Date:  Jul 29 2015
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.1.0 - 9.8.x, 9.9.0 - 9.9.7-P1, 9.10.0 - 9.10.2-P2
Description:   A vulnerability was reported in ISC BIND. A remote user can cause the target service to crash.

A remote user can send a specially crafted TKEY query packet to trigger a REQUIRE assertion failure and cause the named service to crash. The flaw occurs prior to the access control list checks.

Recursive and authoritative servers are affected.

Jonathan Foote reported this vulnerability.

Impact:   A remote user can cause the target named service to crash.
Solution:   The vendor has issued a fix (9.9.7-P2, 9.10.2-P3).

The vendor's advisory is available at:

https://kb.isc.org/article/AA-01272

Vendor URL:  kb.isc.org/article/AA-01272 (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 29 2015 (F5 Networks Issues Advisory for F5 BIG-IP) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
F5 Networks has issued an advisory for F5 BIG-IP.
Jul 29 2015 (Red Hat Issues Fix) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 5, 6, and 7.
Jul 29 2015 (FreeBSD Issues Fix) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
FreeBSD has issued a fix for FreeBSD 8.4 and 9.3.
Jul 29 2015 (Ubuntu Issues Fix) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
Ubuntu has issued a fix for Ubuntu 12.04 LTS, 14.04 LTS, and 15.04.
Jul 29 2015 (CentOS Issues Fix) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
CentOS has issued a fix for CentOS 5 and 7.
Jul 31 2015 (Oracle Issues Fix for Oracle Linux) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 5, 6, and 7.
Aug 13 2015 (Apple Issues Fix for OS X Server) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
Apple has issued a fix for OS X Server.
Aug 14 2015 (IBM Issues Fix for IBM AIX) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
IBM has issued a fix for IBM AIX 6.1 and 7.1.
Aug 21 2015 (HP Issues Fix for HP-UX) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
HP has issued a fix for HP-UX 11.31.
Aug 27 2015 (McAfee Issues Fix for McAfee Firewall Enterprise) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
McAfee has issued a fix for McAfee Firewall Enterprise.
Sep 4 2015 (Oracle Issues Fix for Oracle Linux) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 5.
Sep 4 2015 (Oracle Issues Fix for Oracle Linux bind97) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
Oracle has issued a fix for bind97 for Oracle Linux 5.
Sep 8 2015 (HP Issues Fix for OpenVMS) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
HP has issued a fix for OpenVMS 5.7 ECO5.
Sep 22 2015 (HP Issues Fix) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
HP has issued a fix for HP-UX 11.31.
Sep 22 2015 (HP Issues Fix) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
HP has issued a fix for HP-UX 11.31.
Dec 17 2015 (Oracle Issues Fix for Oracle Linux) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 5.
Dec 17 2015 (Oracle Issues Fix for Oracle Linux) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 5.
Jan 28 2016 (Red Hat Issues Fix) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 6.6.
Jan 28 2016 (Red Hat Issues Fix) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 6.4 and 6.5.
Feb 25 2016 (Juniper Issues Fix for Juniper Junos) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
Juniper has issued a fix for Juniper Junos.
May 4 2016 (HP Issues Fix for HPE NonStop Server) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
HP has issued a fix for HPE NonStop Server.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC