Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
(CentOS Issues Fix) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1034838
SecurityTracker URL:  http://securitytracker.com/id/1034838
CVE Reference:   CVE-2015-8704
Date:  Jan 28 2016
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.3.0 - 9.8.8, 9.9.0 - 9.9.8-P2, 9.9.3-S1 - 9.9.8-S3, 9.10.0 - 9.10.3-P2
Description:   A vulnerability was reported in ISC BIND. A remote authenticated user can cause the target service to crash.

A remote authenticated user can send specially crafted Address Prefix List (APL) data to trigger a buffer overflow and cause the target 'named' service to crash.

The vulnerability resides in 'apl_42.c'.

Impact:   A remote authenticated user can cause the target 'named' service to crash.
Solution:   CentOS has issued a fix.

Cause:   Boundary error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5

Message History:   This archive entry is a follow-up to the message listed below.
Jan 20 2016 ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0074 Moderate CentOS 5 bind97 Security Update


CentOS Errata and Security Advisory 2016:0074 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0074.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS

Copyright 2021, SecurityGlobal.net LLC