SecurityTracker.com
Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1034739
SecurityTracker URL:  http://securitytracker.com/id/1034739
CVE Reference:   CVE-2015-8704
Date:  Jan 20 2016
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.3.0 - 9.8.8, 9.9.0 - 9.9.8-P2, 9.9.3-S1 - 9.9.8-S3, 9.10.0 - 9.10.3-P2
Description:   A vulnerability was reported in ISC BIND. A remote authenticated user can cause the target service to crash.

A remote authenticated user can send specially crafted Address Prefix List (APL) data to trigger a buffer overflow and cause the target named service to crash.

The vulnerability resides in 'apl_42.c'.

Impact:   A remote authenticated user can cause the target 'named' service to crash.
Solution:   The vendor has issued a fix (9.9.8-P3, 9.10.3-P3).

The vendor's advisory is available at:

https://kb.isc.org/article/AA-01335

Vendor URL:  kb.isc.org/article/AA-01335
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 20 2016 (Ubuntu Issues Fix) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, 15.04, and 15.10.
Jan 27 2016 (Red Hat Issues Fix) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 5, 6, and 7.
Jan 28 2016 (Oracle Issues Fix for Oracle Linux) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 5, 6, and 7.
Jan 28 2016 (Oracle Issues Fix for Oracle Linux) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
Oracle has issued a fix for bind97 for Oracle Linux 5.
Jan 28 2016 (CentOS Issues Fix) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
CentOS has issued a fix for bind97 for CentOS 5.
Jan 28 2016 (CentOS Issues Fix) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
CentOS has issued a fix for CentOS 5, 6, and 7.
Jan 28 2016 (Red Hat Issues Fix) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
Red Hat has issued a fix for bind97 for Red Hat Enterprise Linux 5.
Jan 29 2016 (FreeBSD Issues Fix) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
FreeBSD has issued a fix for FreeBSD 9.3.
Mar 1 2016 (HP Issues Fix) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
HP has issued a fix for HP-UX B.11.31.
Apr 26 2016 (IBM Issues Fix for IBM AIX) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
Nov 11 2016 (Oracle Issues Fix for Oracle Linux) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 7.


