SecurityTracker.com
Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
(Apple Issues Fix for OS X Server) ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1033273
SecurityTracker URL:  http://securitytracker.com/id/1033273
CVE Reference:   CVE-2015-5477
Date:  Aug 13 2015
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.1.0 - 9.8.x, 9.9.0 - 9.9.7-P1, 9.10.0 - 9.10.2-P2
Description:   A vulnerability was reported in ISC BIND. A remote user can cause the target service to crash.

A remote user can send a specially crafted TKEY query packet to trigger a REQUIRE assertion failure and cause the named service to crash. The flaw occurs prior to the access control list checks.

Recursive and authoritative servers are affected.

Jonathan Foote reported this vulnerability.

Impact:   A remote user can cause the target named service to crash.
Solution:   Apple has issued a fix for OS X Server (4.1.5).

The Apple advisory is available at:

https://support.apple.com/en-us/HT205032

Vendor URL:  support.apple.com/en-us/HT205032
Cause:   Exception handling error
Underlying OS:  UNIX (macOS/OS X)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 29 2015 ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
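
To triage an inventory against the ranges in the "Version(s)" field above, the following added example (not part of the SecurityTracker entry or the Apple advisory) parses upstream-style BIND version strings and reports whether each falls inside an affected range. The host labels and banners are constructed sample data, and treating pre-release tags as their base release is an assumption of this example.

```python
import re

# Affected ranges from the advisory's "Version(s)" field, as inclusive
# (major, minor, patch, P-level) bounds. "9.8.x" is read as every 9.8 release.
ANY = 10**6
AFFECTED = [
    ((9, 1, 0, 0), (9, 8, ANY, ANY)),   # 9.1.0 - 9.8.x
    ((9, 9, 0, 0), (9, 9, 7, 1)),       # 9.9.0 - 9.9.7-P1
    ((9, 10, 0, 0), (9, 10, 2, 2)),     # 9.10.0 - 9.10.2-P2
]

# Upstream-style version: 9.9.7, 9.9.7-P1, 9.10.0rc1. Pre-release tags are
# ignored and the base release is compared (assumption made for this example).
_VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:(?:a|b|rc)\d+)?(?:-P(\d+))?")


def parse_bind_version(text):
    """Return (major, minor, patch, p_level) found in text, or None."""
    m = _VERSION.search(text)
    if m is None:
        return None
    major, minor, patch, p_level = m.groups()
    return (int(major), int(minor), int(patch), int(p_level or 0))


def is_affected(text):
    """True/False per the listed ranges; None when no version is present."""
    version = parse_bind_version(text)
    if version is None:
        return None
    return any(low <= version <= high for low, high in AFFECTED)


# Constructed inventory: host label -> banner in the style of `named -v` output.
SAMPLE_INVENTORY = {
    "ns1": "BIND 9.9.7-P1 (Extended Support Version)",
    "ns2": "BIND 9.9.7-P2 (Extended Support Version)",
    "ns3": "BIND 9.10.2-P2",
    "ns4": "BIND 9.8.4",
    "ns5": "version string hidden",
}


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    return {host: labels[is_affected(banner)] for host, banner in inventory.items()}
```

Distribution packages can carry a backported fix under an older upstream version string, so an "affected" result from a packaged build should be confirmed against the package changelog.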



 Source Message Contents

Subject:  APPLE-SA-2015-08-13-4 OS X Server v4.1.5


APPLE-SA-2015-08-13-4 OS X Server v4.1.5

OS X Server v4.1.5 is now available and addresses the following:

BIND
Available for:  OS X Yosemite v10.10.5 or later
Impact:  A remote attacker may be able to cause a denial of service
Description:  An assertion issue existed in the handling of TKEY
packets. This issue was addressed by updating BIND to version
9.9.7-P2.
CVE-ID
CVE-2015-5477


OS X Server v4.1.5 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


 
 

