SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
SecurityTracker Alert ID:  1034418
SecurityTracker URL:  http://securitytracker.com/id/1034418
CVE Reference:   CVE-2015-8000   (Links to External Site)
Date:  Dec 15 2015
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.0.x - 9.9.8, 9.10.0 - 9.10.3
Description:   A vulnerability was reported in BIND. A remote user can cause the target service to crash.

A remote user that can cause the target server to request a record with a specially crafted class attribute can trigger a parsing error in 'db.c' and cause the target named service to crash.

Servers that perform recursive queries are affected.

Impact:   A remote user can cause the target named service to crash.
Solution:   The vendor has issued a fix (9.9.8-P2, 9.10.3-P2).

The vendor's advisory is available at:

https://kb.isc.org/article/AA-01317

Vendor URL:  kb.isc.org/article/AA-01317 (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 15 2015 (Ubuntu Issues Fix) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, 15.04, and 15.10.
Dec 16 2015 (FreeBSD Issues Fix) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
FreeBSD has issued a fix for FreeBSD 9.3.
Dec 16 2015 (HP Issues Fix) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
HP has issued a fix for HP-UX 11.11.
Dec 16 2015 (Red Hat Issues Fix) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 6 and 7.
Dec 16 2015 (Red Hat Issues Fix) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 5.
Dec 16 2015 (Red Hat Issues Fix for bind97) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
Red Hat has issued a fix for bind97 Red Hat Enterprise Linux 5.
Dec 16 2015 (CentOS Issues Fix) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
CentOS has issued a fix for CentOS 7.
Dec 17 2015 (Oracle Issues Fix for Oracle Linux) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
Oracle has issued a fix for Oracle Linux 6 and 7.
Dec 17 2015 (Oracle Issues Fix for Oracle Linux) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
Oracle has issued a fix for Oracle Linux 5.
Dec 17 2015 (Oracle Issues Fix for Oracle Linux) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
Oracle has issued a fix for Oracle Linux 5.
Dec 17 2015 (CentOS Issues Fix) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
CentOS has issued a fix for CentOS 5.
Dec 17 2015 (CentOS Issues Fix) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
CentOS has issued a fix for bind97 for CentOS 5.
Jan 28 2016 (Red Hat Issues Fix) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 6.6.
Jan 28 2016 (Red Hat Issues Fix) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 6.4 and 6.5.
Feb 27 2016 (IBM Issues Fix for IBM AIX) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
Mar 1 2016 (HP Issues Fix) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
HP has issued a fix for HP-UX B.11.31.
Nov 11 2016 (Oracle Issues Fix for Oracle Linux) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
Oracle has issued a fix for Oracle Linux 7.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC