SecurityTracker.com
Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1033452
SecurityTracker URL:  http://securitytracker.com/id/1033452
CVE Reference:   CVE-2015-5722
Date:  Sep 2 2015
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.0.0 - 9.8.8, 9.9.0 - 9.9.7-P2, 9.10.0 - 9.10.2-P3
Description:   A vulnerability was reported in BIND. A remote user can cause the target service to crash.

A remote user can send a specially crafted query to the target validating resolver that requires a response from a remote zone. The remote zone DNS server can return a specially crafted DNSSEC key to the target validating resolver to trigger an error in 'buffer.c' and cause the DNS service to crash.

Hanno Böck from the Fuzzing Project reported this vulnerability.

Impact:   A remote user can cause the target service to crash.
Solution:   The vendor has issued a fix (9.9.7-P3, 9.10.2-P4, 9.9.8rc1, 9.10.3rc1).

The vendor's advisory is available at:

https://kb.isc.org/article/AA-01287/74/CVE-2015-5722%3A-Parsing-malformed-keys-may-cause-BIND-to-exit-due-to-a-failed-assertion-in-buffer.c.html

Vendor URL:  kb.isc.org/article/AA-01287/74/CVE-2015-5722%3A-Parsing-malformed-keys-may-cause-BIND-to-exit-due-to-a-failed-assertion-in-buffer.c.html
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)
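
A version triage check against the affected ranges listed above, as an added example that is not part of the SecurityTracker entry or ISC's advisory. It assumes the upstream version form X.Y.Z with an optional a/b/rc pre-release or -P patch suffix; vendor-suffixed builds return "unparsed" because the distributions in the Message History ship the fix under their own package versions. The `classify` and `version_key` names are hypothetical.

```python
import re

# Affected ranges exactly as listed in the advisory (inclusive on both ends).
AFFECTED = [("9.0.0", "9.8.8"), ("9.9.0", "9.9.7-P2"), ("9.10.0", "9.10.2-P3")]

# Assumed upstream form: X.Y.Z, optionally a/b/rc pre-release or -P patch level.
_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+)|-P(\d+))?")
# Release order within one X.Y.Z: a < b < rc < final < -P1 < -P2 ...
_STAGE = {"a": -3, "b": -2, "rc": -1}


def version_key(token):
    """Return a sortable tuple for an upstream BIND version, or None."""
    m = _VER.fullmatch(token)
    if m is None:
        return None
    major, minor, patch, pre, pre_n, p_n = m.groups()
    if pre:
        stage, n = _STAGE[pre], int(pre_n)
    elif p_n:
        stage, n = 1, int(p_n)
    else:
        stage, n = 0, 0
    return (int(major), int(minor), int(patch), stage, n)


def classify(text):
    """Classify a version string such as '9.10.2-P3' or 'BIND 9.9.7-P2'."""
    tokens = text.split()
    if tokens and tokens[0] == "BIND":
        tokens = tokens[1:]
    key = version_key(tokens[0]) if tokens else None
    if key is None:
        return "unparsed"  # vendor-suffixed or unknown format: check the vendor fix
    for low, high in AFFECTED:
        if version_key(low) <= key <= version_key(high):
            return "affected"
    return "not-listed"  # outside the ranges on this page, e.g. the fixed releases


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    for sample in ["BIND 9.9.7-P2", "9.9.7-P3", "9.10.3rc1", "9.9.4-VendorBuild-1"]:
        print(sample, "->", classify(sample))
```

A "not-listed" result only means the version falls outside the ranges printed in this entry; it is not a statement about other advisories.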

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 2 2015 (Ubuntu Issues Fix) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 15.04.
Sep 2 2015 (FreeBSD Issues Fix) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
FreeBSD has issued a fix for FreeBSD 9.3.
Sep 3 2015 (Red Hat Issues Fix) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 5, 6, and 7.
Sep 3 2015 (Red Hat Issues Fix for bind97) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for bind97 for Red Hat Enterprise Linux 5.
Sep 4 2015 (Oracle Issues Fix for Oracle Linux) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 5, 6, and 7.
Sep 4 2015 (Oracle Issues Fix for Oracle Linux bind97) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
Oracle has issued a fix for bind97 for Oracle Linux 5.
Sep 4 2015 (CentOS Issues Fix) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
CentOS has issued a fix for CentOS Linux 5, 6, and 7.
Sep 22 2015 (HP Issues Fix) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
HP has issued a fix for HP-UX 11.31.
Oct 22 2015 (Apple Issues Fix for Apple OS X Server) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
Apple has issued a fix for Apple OS X Server.
Oct 28 2015 (IBM Issues Fix for IBM Proventia Network Enterprise Scanner) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
IBM has issued a fix for IBM Proventia Network Enterprise Scanner.
Oct 29 2015 (BlueCat Networks Issues Fix for Adonis) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
BlueCat Networks has issued a fix for Adonis.
Nov 11 2015 (IBM Issues Fix for IBM AIX) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
IBM has issued a fix for IBM AIX 5.3, 6.1, and 7.1.
Nov 20 2015 (HP Issues Fix for HP-UX) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
HP has issued a fix for HP-UX 11.23 and 11.31.
Dec 16 2015 (HP Issues Fix) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
HP has issued a fix for HP-UX 11.11.
Dec 17 2015 (Oracle Issues Fix for Oracle Linux) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 5.
Dec 17 2015 (Oracle Issues Fix for Oracle Linux) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 5.
Jan 28 2016 (Red Hat Issues Fix) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 6.6.
Jan 28 2016 (Red Hat Issues Fix) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 6.4 and 6.5.
May 4 2016 (HP Issues Fix for HPE NonStop Server) BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash
HP has issued a fix for HPE NonStop Server.


