SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
(CentOS Issues Fix) BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
SecurityTracker Alert ID:  1034465
SecurityTracker URL:  http://securitytracker.com/id/1034465
CVE Reference:   CVE-2015-8000   (Links to External Site)
Date:  Dec 17 2015
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.0.x - 9.9.8, 9.10.0 - 9.10.3
Description:   A vulnerability was reported in BIND. A remote user can cause the target service to crash.

A remote user that can cause the target server to request a record with a specially crafted class attribute can trigger a parsing error in 'db.c' and cause the target named service to crash.

Servers that perform recursive queries are affected.

Impact:   A remote user can cause the target named service to crash.
Solution:   CentOS has issued a fix.

i386:
a391b19066a380dfe5f49949484656fb4c0184d849409d16cd705ca766c6c2c9 bind-9.3.6-25.P1.el5_11.5.i386.rpm
a95bc39d5997333565f7ce0834134638868268ee25edeb8a31f2b541645aa760 bind-chroot-9.3.6-25.P1.el5_11.5.i386.rpm
78ae77851bcb3824abbc8aa5b88dbe174912504967db9988596463a59115edc9 bind-devel-9.3.6-25.P1.el5_11.5.i386.rpm
4ab04d99036291cc60c905c591b8f0c4bd33253ab0c464217f9796aa84aa0ce4 bind-libbind-devel-9.3.6-25.P1.el5_11.5.i386.rpm
c0207497c021605575abba89a819a73d2a7f21ff1182111511b9494ee7ac9531 bind-libs-9.3.6-25.P1.el5_11.5.i386.rpm
084e99f4a33b21290ae3ec25ddcbcfdd89aa646e8abd27bdd877094f41315809 bind-sdb-9.3.6-25.P1.el5_11.5.i386.rpm
919e8c5f2143f54e71a222c3fe33583aa832191012948a400c45afa968b9854e bind-utils-9.3.6-25.P1.el5_11.5.i386.rpm
bed58b1ce7d3ff3451cdcf98fe986a86430675917dc3a9f749215af2be3ba240 caching-nameserver-9.3.6-25.P1.el5_11.5.i386.rpm

x86_64:
66b48d94bb5278a89db513069e718225a5c1ac5de6d6cad150aa56cabc00a8da bind-9.3.6-25.P1.el5_11.5.x86_64.rpm
82e8c1fe7b30b4248ea4256c3baa5e4aa5de600953953e8f12213f04973a0c8f bind-chroot-9.3.6-25.P1.el5_11.5.x86_64.rpm
78ae77851bcb3824abbc8aa5b88dbe174912504967db9988596463a59115edc9 bind-devel-9.3.6-25.P1.el5_11.5.i386.rpm
cc7c15dbd9808577c9aaaca7c00ef839e9f9089f83464cdd6ecff71d624ae92d bind-devel-9.3.6-25.P1.el5_11.5.x86_64.rpm
4ab04d99036291cc60c905c591b8f0c4bd33253ab0c464217f9796aa84aa0ce4 bind-libbind-devel-9.3.6-25.P1.el5_11.5.i386.rpm
6652af1629265afcf4a22c6ddc1f9cd98da1d880b2d883f604f1609deaeae8d6 bind-libbind-devel-9.3.6-25.P1.el5_11.5.x86_64.rpm
c0207497c021605575abba89a819a73d2a7f21ff1182111511b9494ee7ac9531 bind-libs-9.3.6-25.P1.el5_11.5.i386.rpm
23bfda6f1a4bcf3cf2f88d1efa06ce709ae41347050903c41ff6abd57caafec9 bind-libs-9.3.6-25.P1.el5_11.5.x86_64.rpm
2de6dbaf5a1b217d78ddb89c1aad6ccbb951e4e555992f95f3e9287b0886b15a bind-sdb-9.3.6-25.P1.el5_11.5.x86_64.rpm
6f4ae6d44b9840c7e84acdf3fd0ebc81444c7a6b347011afd0d6daa24ba9a1d8 bind-utils-9.3.6-25.P1.el5_11.5.x86_64.rpm
7ef7166742195d5ac49c2bb9d222ac57fcb6a33b57705a269f5d73eb8ca9961a caching-nameserver-9.3.6-25.P1.el5_11.5.x86_64.rpm

Source:
9a65818d99a1d0beee5f80952a91e7588066375c164cd5a920c0bd47c4fec747 bind-9.3.6-25.P1.el5_11.5.src.rpm

Cause:   Input validation error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5

Message History:   This archive entry is a follow-up to the message listed below.
Dec 15 2015 BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash



 Source Message Contents

Subject:  [CentOS-announce] CESA-2015:2656 Important CentOS 5 bind Security Update


CentOS Errata and Security Advisory 2015:2656 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-2656.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
a391b19066a380dfe5f49949484656fb4c0184d849409d16cd705ca766c6c2c9  bind-9.3.6-25.P1.el5_11.5.i386.rpm
a95bc39d5997333565f7ce0834134638868268ee25edeb8a31f2b541645aa760  bind-chroot-9.3.6-25.P1.el5_11.5.i386.rpm
78ae77851bcb3824abbc8aa5b88dbe174912504967db9988596463a59115edc9  bind-devel-9.3.6-25.P1.el5_11.5.i386.rpm
4ab04d99036291cc60c905c591b8f0c4bd33253ab0c464217f9796aa84aa0ce4  bind-libbind-devel-9.3.6-25.P1.el5_11.5.i386.rpm
c0207497c021605575abba89a819a73d2a7f21ff1182111511b9494ee7ac9531  bind-libs-9.3.6-25.P1.el5_11.5.i386.rpm
084e99f4a33b21290ae3ec25ddcbcfdd89aa646e8abd27bdd877094f41315809  bind-sdb-9.3.6-25.P1.el5_11.5.i386.rpm
919e8c5f2143f54e71a222c3fe33583aa832191012948a400c45afa968b9854e  bind-utils-9.3.6-25.P1.el5_11.5.i386.rpm
bed58b1ce7d3ff3451cdcf98fe986a86430675917dc3a9f749215af2be3ba240  caching-nameserver-9.3.6-25.P1.el5_11.5.i386.rpm

x86_64:
66b48d94bb5278a89db513069e718225a5c1ac5de6d6cad150aa56cabc00a8da  bind-9.3.6-25.P1.el5_11.5.x86_64.rpm
82e8c1fe7b30b4248ea4256c3baa5e4aa5de600953953e8f12213f04973a0c8f  bind-chroot-9.3.6-25.P1.el5_11.5.x86_64.rpm
78ae77851bcb3824abbc8aa5b88dbe174912504967db9988596463a59115edc9  bind-devel-9.3.6-25.P1.el5_11.5.i386.rpm
cc7c15dbd9808577c9aaaca7c00ef839e9f9089f83464cdd6ecff71d624ae92d  bind-devel-9.3.6-25.P1.el5_11.5.x86_64.rpm
4ab04d99036291cc60c905c591b8f0c4bd33253ab0c464217f9796aa84aa0ce4  bind-libbind-devel-9.3.6-25.P1.el5_11.5.i386.rpm
6652af1629265afcf4a22c6ddc1f9cd98da1d880b2d883f604f1609deaeae8d6  bind-libbind-devel-9.3.6-25.P1.el5_11.5.x86_64.rpm
c0207497c021605575abba89a819a73d2a7f21ff1182111511b9494ee7ac9531  bind-libs-9.3.6-25.P1.el5_11.5.i386.rpm
23bfda6f1a4bcf3cf2f88d1efa06ce709ae41347050903c41ff6abd57caafec9  bind-libs-9.3.6-25.P1.el5_11.5.x86_64.rpm
2de6dbaf5a1b217d78ddb89c1aad6ccbb951e4e555992f95f3e9287b0886b15a  bind-sdb-9.3.6-25.P1.el5_11.5.x86_64.rpm
6f4ae6d44b9840c7e84acdf3fd0ebc81444c7a6b347011afd0d6daa24ba9a1d8  bind-utils-9.3.6-25.P1.el5_11.5.x86_64.rpm
7ef7166742195d5ac49c2bb9d222ac57fcb6a33b57705a269f5d73eb8ca9961a  caching-nameserver-9.3.6-25.P1.el5_11.5.x86_64.rpm

Source:
9a65818d99a1d0beee5f80952a91e7588066375c164cd5a920c0bd47c4fec747  bind-9.3.6-25.P1.el5_11.5.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC