SecurityTracker.com
Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
(CentOS Issues Fix) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1034839
SecurityTracker URL:  http://securitytracker.com/id/1034839
CVE Reference:   CVE-2015-8704
Date:  Jan 28 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.3.0 - 9.8.8, 9.9.0 - 9.9.8-P2, 9.9.3-S1 - 9.9.8-S3, 9.10.0 - 9.10.3-P2
Description:   A vulnerability was reported in ISC BIND. A remote authenticated user can cause the target service to crash.

A remote authenticated user can send specially crafted Address Prefix List (APL) data to trigger a buffer overflow and cause the target named service to crash.

The vulnerability resides in 'apl_42.c'.
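
As an added illustration (not code from BIND, from this advisory, or from the CentOS update), the C function below validates APL RDATA in the RFC 3123 wire format and checks every length field against the bytes that remain before using it, which is the kind of check a boundary error lacks. The names `apl_validate`, `apl_status` and `apl_sample` are assumptions, and the code does not reproduce the specific flaw in 'apl_42.c'.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes for this hypothetical validator (names are assumptions). */
enum apl_status { APL_OK = 0, APL_TRUNCATED, APL_BAD_FAMILY, APL_BAD_PREFIX,
                  APL_BAD_LENGTH, APL_TRAILING_ZERO };

/* Constructed sample: 192.168.32.0/21 as family 1, prefix 21, AFDPART c0 a8 20. */
static const uint8_t apl_sample[] = { 0x00, 0x01, 21, 0x03, 0xc0, 0xa8, 0x20 };

/* Validate APL RDATA in RFC 3123 wire format, one item after another:
 *   ADDRESSFAMILY (2 bytes) | PREFIX (1) | N bit + AFDLENGTH (1) | AFDPART
 * On success *items (if not NULL) receives the number of items seen. */
enum apl_status apl_validate(const uint8_t *rdata, size_t len, size_t *items)
{
    size_t off = 0, count = 0;

    while (off < len) {
        if (len - off < 4)
            return APL_TRUNCATED;               /* item header is incomplete */
        uint16_t family = (uint16_t)((rdata[off] << 8) | rdata[off + 1]);
        uint8_t prefix = rdata[off + 2];
        uint8_t afdlen = rdata[off + 3] & 0x7f; /* top bit is the negation flag */
        off += 4;

        size_t max_bytes;
        if (family == 1)
            max_bytes = 4;                      /* IPv4 */
        else if (family == 2)
            max_bytes = 16;                     /* IPv6 */
        else
            return APL_BAD_FAMILY;
        if (prefix > max_bytes * 8)
            return APL_BAD_PREFIX;
        if (afdlen > max_bytes)
            return APL_BAD_LENGTH;              /* longer than the family allows */
        if (afdlen > len - off)
            return APL_TRUNCATED;               /* AFDPART runs past the RDATA */
        if (afdlen > 0 && rdata[off + afdlen - 1] == 0)
            return APL_TRAILING_ZERO;           /* RFC 3123: no trailing zero octets */
        off += afdlen;
        count++;
    }
    if (items != NULL)
        *items = count;
    return APL_OK;
}
```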

Impact:   A remote authenticated user can cause the target 'named' service to crash.
Solution:   CentOS has issued a fix.

Cause:   Boundary error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5, 6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Jan 20 2016 ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0073 Moderate CentOS 7 bind Security Update


CentOS Errata and Security Advisory 2016:0073 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0073.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 

